21st Century Cures Act: Impacts on Patient and Care

Healthcare Informatics

Wilson College

21st Century Cures Act: Impacts on Patient and Care

Patient Health Information Violation

The infraction relating to HIPAA violation was by Martha Smith-Lightfoot who

happens to be a former nurse at the University of Rochester Medical Center (URMC)

(Donovan, 2018). The nurse admitted to PHI disclosure when she took over 3,000 patient

health information belonging to her former employer (URMC) to the new employer Greater

Rochester Neurology (GRN) (Donovan, 2018). The PHI consists of the client’s names,

addresses, date of birth, and diagnoses. Nurse Martha Smith-Lightfoot was given a twelve-

month suspension, three years of a probationary period, and a one-year extended suspension

(Donovan, 2018). Additionally, URMC pledged to provide instruction to its employees on

rules and procedures surrounding the protection and use of PHI after being fined $15,000 for

the HIPAA breach (Donovan, 2018).

Future Occurrence Prevention and Potential Issues

Act (HIPAA) breaches about the transfer of patient health data from one employer to another,

including.

1. Education and Training: Make certain that all staff members receive training on

HIPAA rules and the significance of safeguarding patient health information (PHI)

(Zhou et al., 2019).

2. Controls of Access: Restrict individuals who can access and transmit PHI by putting

in place stringent access restrictions, taking advantage of robust authentication

techniques (Multiple factor authentication (MFA) and distinct user IDs (Zhou et al.,

2019).

3. Audit Trails: To keep an eye out for and identify any illegal activity, keep thorough

audit logs of all PHI access and transfers (Zhou et al., 2019).

4. Encrypt all personal health information (PHI) while it's in transit and at rest to prevent

unwanted access (Zhou et al., 2019)

5. Establish and implement explicit rules and processes for managing PHI, including

guidelines for record transfers between companies (Zhou et al., 2019).

6. Exit Process: Establish official leave processes for departing workers, making sure

they sign paperwork admitting their obligations to retrieve all PHI (Zhou et al., 2019).

However, future potential issues from this PHI violation are those related to:

1. Legal Repercussions: Serious legal repercussions, such as fines, penalties, and

possible criminal prosecution, may follow a HIPAA violation (Edemekong et al.,

2023).

2. Loss of Trust: If the medical facility handles personal health information (PHI)

improperly, clients may stop trusting it, which could adversely impact the provider's

reputation and standing (Edemekong et al., 2023).

financial fraud brought on by unauthorized access to personal health information (PH

I) (Edemekong et al., 2023)

4. Operational Interruptions: Economic losses and a decline in customer satisfaction may

result in legal proceedings and inquiries that interfere with medical services

(Edemekong et al., 2023).

5. Increased Criticism: Regulatory agencies may be more likely to investigate and verify

for conformity with entities that have a previous record of HIPAA infractions

(Edemekong et al., 2023).

Healthcare businesses can more effectively secure patient information and steer clear

of HIPAA breaches by putting these preventative measures into place and being conscious of

the potential risks.

21st Century Cures Act

Under the 21st Century Cures Act's requirement that clients access their medical data,

particularly appointment logs and laboratory test findings, through a secure online platform,

client access to health information has been profoundly impacted. The 21st Century Cures

Act's advantages include:

1. Empowerment: Individuals obtain significant autonomy over their medical records,

which enables them to make better decisions regarding their treatment (Risk

Management Foundation, 2025)

2. Transparency: Improved confidence and interaction between patients and providers can

result from more openness in the healthcare industry (Risk Management Foundation,

2025).

3. Convenience: Clients no longer require trips to medical institutions because they can

retrieve their medical records from any location (Risk Management Foundation, 2025).
 4. Improved Treatment Coordination: Having access to thorough medical records will help

various healthcare practitioners better coordinate patient treatment, which will enhance

patient outcomes (Risk Management Foundation, 2025).

However, the negative aspects of the 21st Century Cures Act are related to:

1. Privacy Concerns: Whenever adequate safety precautions are not in place, there may

be a chance that confidential medical data might be accessed without authorization

(Brooks et al., 2023).

2. Misinterpretation: Erroneous self-diagnosis or needless worry can result from

individuals misinterpreting medical data in the absence of appropriate context or

advice from medical professionals (Brooks et al., 2023).

3. Technical Problems: Issues with connectivity or system outages might make it

difficult to obtain medical records, which can affect patient treatment (Brooks et al.,

2023).

4. Administrative Burden: To maintain regulatory compliance and handle medical data

demands, medical personnel might be confronted with a higher administrative load

(Brooks et al., 2023).

However, mechanisms for regular surveillance and enhancement are crucial to

addressing these issues; thus, maintaining the highest standards of care safety and

effectiveness may be facilitated by routine safety inspections, user feedback collection, and

telehealth infrastructure improvements (U.S. Centers for Medicare & Medicaid Services,

2020). Therefore, for telehealth services to be implemented successfully and continue to

develop, cooperation between healthcare professionals, technology specialists, clients,

government agencies, and insurance organizations is needed (U.S. Centers for Medicare &

Medicaid Services, 2020). Also, stakeholders may prioritize patient safety while ensuring that
telehealth services are proportionate, accessible, and available through partnership (U.S.

Centers for Medicare & Medicaid Services, 2020).

Brooks, J. V., Zegers, C., Sinclair, C. T., Wulff-Burchfield, E., Thimmesch, A. R., English, D.,

& Nelson-Brantley, H. V. (2023). Understanding the Cures Act information blocking

rule in cancer care: A mixed methods exploration of patient and clinician perspectives

and recommendations for policymakers. BMC Health Services Research, 23(216).

https://doi.org/10.1186/s12913-023-09230-z

Donovan, F. (2018). New York suspends nurse for HIPAA violation affecting 3K patients.

Informa TechTarget.

https://www.techtarget.com/healthtechsecurity/news/366595914/New-York-Suspends-

Nurse-for-HIPAA-Violation-Affecting-3K-Patients

Edemekong, P. F., Annamaraju P., Afzal, M., & Haydel, M. J. (2023). Health Insurance

Portability and Accountability Act (HIPAA) compliance. Treasure Island (FL):

StatPearls Publishing. https://www.ncbi.nlm.nih.gov/books/NBK500019/

Risk Management Foundation. (2025). Cures Act Overview. CRICO.

https://www.rmf.harvard.edu/Risk-Prevention-and-Education/Article-Catalog-Page/

Articles/2021/Cures-Act-Overview

U.S. Centers for Medicare & Medicaid Services. (2020). Interoperability and patient access

fact sheet. https://www.cms.gov/newsroom/fact-sheets/interoperability-and-patient-

access-fact-sheet

Zhou, L., Thieret, R., Watzlaf, V., Dealmedia, D., & Paaramanto, B. (2019). A telehealth

privacy and security self-assessment questionnaire for telehealth providers:

Development and validation. International Journal of Telerehabilitation, 11(1), 3.

doi:https://doi.org/10.5195/ijt.2019.6276