Abstract
Objective
To describe real-world practices and variation in implementation of the Information Blocking provisions amongst healthcare organizations caring for pediatric patients.
Materials and methods
An online survey regarding implementation practices was distributed to representatives from 10 participating US healthcare organizations located in 6 different states. The survey was followed by structured interviews conducted through video conference. Information was gathered about implementation practices at each organization, with a focus on patient and proxy portal access to, and segmentation capabilities of, certain data classes listed in the United States Core Data for Interoperability Version 1.
Results
All organizations had implemented the information blocking provisions at their institution. All organizations utilized different portal account types for proxies and users. All organizations reported the capability of sharing labs, medications, problem lists, imaging, and notes with the parent/guardian of the non-adolescent minor user with differences in how sensitive elements within the data classes were protected. Variability existed in how data was shared with the remaining user types.
Discussion
Significant variability exists in how organizations have implemented the information blocking rules. Variation in data sharing and data access between institutions can result in privacy breaches and create confusion about completeness of data for patients and families.
Conclusion
Healthcare organizations have utilized varying strategies to comply with the information blocking provisions of the 21st Century Cures Act. Increased clarity from the Office of the National Coordinator for Health Information Technology on minor, adolescent, and caregiver privacy and improved segmentation capabilities from Electronic Health Record vendors is needed.
Keywords: information blocking, pediatric confidentiality, cures act, pediatric data sharing
Introduction
The United States Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Medicare and Medicaid Services (CMS) published the information blocking provisions of the 21st Century Cures Act in Spring 2020, which mandated that, upon request, healthcare institutions share electronic health information (EHI) with their patients using a staged approach.1–3 As of October 2022, health systems were required to make available all EHI, adding to the April 2021 requirement to share data elements included in the United States Core Data for Interoperability version 1 (USCDI v1) standard.1,3,4 EHI includes all electronic protected health information that is part of an institution’s Designated Record Set, typically including medical records, billing and payment records, insurance information, wellness and disease management program information, and clinical notes (excluding psychotherapy notes), among other information.5
The intended impact of these regulations is to increase patients’ access to their medical records, to allow for easier exchange of health information among providers, patients, and healthcare organizations, and to support the transition towards value-based care.2 Although pediatric and adolescent patients and families can benefit from the information blocking provisions, implementation of these regulations requires health systems to navigate complex dynamics introduced by the caregiver and minor child or adolescent relationship.6–13
Information in the Pediatric Electronic Health Record (EHR) is sourced from multiple places (eg, the adolescent patient, guardians, school resources, secondary caregivers), and can be accessed by electronic health portal account holders, which includes patients and their proxies.
This leads to several scenarios where confidentiality could be compromised. Three common scenarios where a breach of privacy could occur are6–11,14,15:
A patient accesses confidential information disclosed by a parent/guardian
A parent/guardian accesses confidential information disclosed by an adolescent patient
A parent/guardian accesses confidential information disclosed by another parent/guardian
It is crucial that these potential breaches in confidentiality be minimized and prevented.7,15–19 Additionally, the federal information blocking regulations specify that state laws supersede the federal regulations, and therefore adolescents have a right to confidentiality guaranteed by their state.1–3
Even with consensus on the meaning of the federal information blocking rules, implementation is challenging and variable.14,15,19,20 Organizations have cited several factors affecting implementation, including technical feasibility, distinct state-level regulations, and legal complexity.15,20,21 Further, even prior to the information blocking regulations, variability in adolescent patient portal accounts had been noted.22
In this article, we describe real-world implementation practices of the information blocking provisions by 10 US healthcare organizations with pediatric inpatient and ambulatory services. We describe institutional approaches to balancing information sharing with privacy protection in pediatric care. Variability in implementation practices, as well as strategies for successful implementation and change management within organizations, are discussed.
Methods
A convenience sample of 14 organizations from multiple US states was identified through word-of-mouth networking. Representatives were contacted via email and 2 meetings were held via video conference to discuss challenges around interpretation and implementation of information blocking regulations for children’s hospitals and pediatric care in general.
A web-based survey and interview guide were designed to elicit descriptive information about implementation strategies (Supplementary Material A). One or 2 representatives from each of the 14 organizations were identified and contacted to complete a 2-part survey including the initial self-directed web-based questionnaire followed by a semi-structured interview. Contacted representatives all either directly held operational informatics roles at their organization or were involved in the implementation process as clinical subject matter experts. Four authors conducted the interviews via video conference with representatives from each participating organization using the interview guide to help direct the questions. Definitions were discussed, and consensus was reached between the 4 interviewers prior to the interviews. Policies discussed were already in place at the organizations at the time of interview, except for one organization, which had an implementation change planned shortly after the interview was conducted.
Questions were asked related to portal practices, challenges with implementation, organizational resources, and challenges unique to the organization. A special focus was given to how organizations were sharing specific data classes mentioned in the USCDI v1, including notes, labs, medications, problem lists, and images. The survey and interview included questions on change management and methods used to communicate changes to the data sharing policy with employees. Organizations were also asked about strategies used to protect confidentiality in common scenarios where privacy may need to be maintained, including instances such as possible child abuse evaluation, documentation of confidential maternal information in the child’s chart, and general policies for adolescent patients.
Survey responses were organized and analyzed categorically by tabulating totals for implementation patterns arranged by electronic health portal account type and by the data elements being shared. Descriptive data were summarized and organized into themes for easy comparison. Questions that arose during the analysis process were clarified by the representative of the appropriate organization. This study was approved by the Geisinger Institutional Review Board (2022-0302).
Results
Responses were received from 10 of the 14 organizations contacted. Web-based questionnaires were completed, and video interviews were conducted from May 2022 through September 2022 with the study participants. Titles of the study participants included: Chief Medical Information Officer, Associate Chief Medical Information Officer, Assistant Medical Director of Information Services, Program Director of Clinical Informatics Fellowship, Director—Pediatric Quality and Safety, Pediatric liaison—Physician Informatics, Instructor in Population Health Sciences—Health Informatics Division, Clinical Champion of Patient Privacy in the Portal, Assistant Professor of Pediatrics, and Associate Program Director for the Adolescent Medicine Fellowship.
Organizations included in the study were located in 6 US states, including California (1), Texas (2), Ohio (2), Pennsylvania (2), Massachusetts (1), and New York (2), each with variable state laws regarding privacy and minors.21 Settings included rural, suburban, and urban locations and organizations were a mixture of standalone children’s hospitals with associated ambulatory services and integrated medical centers with adult and pediatric inpatient and outpatient services. Nine of the organizations used Epic as their EHR vendor; one organization used Cerner. Some of the individuals interviewed represented organizations whose policies also affected affiliated community hospitals and clinics given that they shared a single instance of their EHR system. Details about the organizations interviewed are highlighted in Table 1.
Table 1.
Characteristics of participating organizations.
| Organizations (n = 10) | Organization characteristics | Geographical region |
|---|---|---|
| Organization A |
|
Northeast |
| Organization B |
|
Midwest |
| Organization C |
|
Northeast |
| Organization D |
|
Northeast |
| Organization E |
|
Northeast |
| Organization F |
|
Northeast |
| Organization G |
|
Southwest |
| Organization H |
|
Southwest |
| Organization I |
|
West |
| Organization J |
|
Midwest |
General implementation strategies and change management
The survey and interviews were conducted more than a year after the initial information blocking rules went into effect in April 2021. Survey respondents provided information regarding stakeholders and team structure for decision-making, education, and communication strategies for both employees and patients/families, and general challenges faced with implementing the 21st Century Cures Act regulations.
All 10 organizations included in the study identified a dedicated team of individuals working on their implementation plan for EHI access. Team sizes varied widely, ranging from less than 5 individuals to more than 21 per team. Within the decision-making teams, the most common roles at the 10 study organizations included physician informaticians (10/10), nurse informaticians (7/10), clinical subject matter experts (9/10), operational leaders (9/10), and representatives from data analytics (10/10), legal (10/10), and privacy (8/10) departments. Additionally, some organizations reported incorporating patient/family focus groups to help inform institution-specific processes and standards.
Methods for employee education were variable, and included strategies such as mandatory training modules, training videos, educational seminars, frequent emails, tip sheets, grand rounds presentations, direct quality/note audit information, and presentations at individual department and faculty meetings. Patient and family education strategies utilized email communication, organizational website updates, paper and electronic handouts, and community engagement via articles in local newspapers.
Respondents described numerous challenges to successful implementation, including technical limitations within the EHR, interpretation of state laws, and the cost and resources involved. Some organizations described having limited institutional resources dedicated to changes amidst competing priorities for clinical work and IT changes within the organization. Additional challenges included variable buy-in from clinical groups and frustration from clinicians regarding changes to documentation practices and the need to separate sensitive from non-sensitive data. A common theme regarding effective change management was to involve clinical stakeholders early and often in the decision-making and implementation processes.
Portal account types
Most organizations utilized several types of portal accounts for their pediatric and adolescent population. The most commonly reported portal account types are shown in Figure 1. There was variation amongst organizations in the configuration, access, and use of the portal account types, with no two organizations utilizing the same settings. Three organizations created two different portal account types for the parent/guardian of an adolescent user with varying levels of access. One organization did not differentiate between a proxy of child and proxy of adolescent user. One organization used a different vendor than their EHR to communicate with proxies of children in foster care.
Figure 1.
Commonly implemented patient portal account types amongst surveyed organizations. (1) “Adolescent” definition varies for purpose of patient portal access, typically starting between 11 and 14 years of age with upper limit at <18 years old, but definition varies per institution. (2) “Child” refers to younger, non-adolescent pediatric patient; definition varies per institution for purpose of patient portal access; typically indicates birth to institution-defined “adolescent” age for portal. (3) Three organizations had 2 different account types available for the proxy of adolescent with different levels of access to patient data. Five Organizations reported that they have different security settings for the different portal account types; 3 organizations reported they had the same security settings for all their portal account types; 2 organizations had the same settings for all their portal account types except for the account for the proxy of minor in Foster care.
All organizations had proxy parent/guardian access only for a child account (non-adolescent), with no access option for the younger child directly. The age at which a pediatric child account transitioned to an adolescent account (if available), ranged from age 11 to 14 years, with age 13 years being the most common. Five organizations reported that they had different security settings for the multiple portal account types, to allow for data segmentation by user type. Three organizations had the same settings for all portal account types, and 2 had the same settings for all portal account types except for the account for proxy of child in foster care.
Implementation strategies by USCDIv1 data classes
Table 2 summarizes the capabilities of the institutions we surveyed to share various classes of EHR data with different portal account types. Additional nuances in information sharing and data segmentation capabilities are discussed below.
Table 2.
Three most commonly reported pediatric portal account types, with associated EHR data sharing capability for 5 USCDI data classes.
|
5 USCDI data classes: reported data sharing per account type
a
|
||||||
|---|---|---|---|---|---|---|
| Portal account type | Available at organizations (responses, n = 10) | Lab results | Medications | Problem list | Imaging | Clinical notes |
|
||||||
|
9/10 | 9/9 | 9/9 | 9/9 | 9/9 | 8 c /9 |
|
||||||
|
10/10 | 10/10 | 10/10 | 10/10 | 10/10 | 10/10 |
|
10/10 | — | — | — | — | — |
| Single option available | 7/10 | 7/7 | 6/7 | 6/7 | 7/7 | 6/7 |
| Multiple options availablee | 3/10 | — | — | — | — | — |
| Restricted option | 3/3 | 1/3 | 1/3 | 1/3 | 1/3 | 0/3 |
| Less restricted option | 3/3 | 3/3 | 3/3 | 3/3 | 3/3 | 3/3c |
| Ability to distinguish sensitive from non-sensitive elements | 10/10 | 10/10 | 7/10 | 7/10 | 7/10 | Not applicable |
The bold face values describe the general portal account types. The non-bold face values describe variations that existed within the ‘proxy account for adolescent’ portal account type.
Indicates sharing of each element in any capacity but may not account for certain sensitive elements within each data class that may be hidden or systematically not shared.
“Adolescent” definition varies for purpose of patient portal access, typically starting between 11 and 14 years of age with upper limit at <18 years old, but definition varies per institution.
One organization defaulted clinical notes to be not shared with the proxy and adolescent portal account types, with a provider-level option to override the default setting.
“Child” refers to younger pediatric patient; definition varies per institution for purpose of patient portal access; typically indicates birth to institution-defined “adolescent” age for portal.
Organizations with multiple options had different security clearances for restricted versus unrestricted proxy access.
Clinical notes
All surveyed institutions allowed the provider to override individual note sharing if appropriate conditions were met to not share, as defined at each individual institution, based on information blocking exceptions such as patient harm.1 Four institutions created special note types with customized configuration to document confidential information.
All interviewees noted concerns for possible unintentional confidentiality breaches in clinical notes shared within adolescent and parent/guardian proxy accounts. Table 3 highlights strategies used by the interviewed institutions to prevent unintentional disclosures in 3 common pediatric scenarios where privacy is essential. Nine institutions developed specific workflows to prevent sharing notes in cases where a patient was being evaluated for child abuse or neglect. Three institutions mentioned specific workflows to protect confidential maternal information in the newborn chart or had altered documentation practices to reduce the likelihood of accidental disclosures. All organizations mentioned a variety of strategies to protect confidential adolescent information within notes, including rules that prevented sharing based on note type, user type, or the context in which notes were generated.
Table 3.
Reported strategies to prevent unintentional confidentiality breaches in clinical notes shared in the patient portal for 3 pediatric-specific sensitive information scenarios.
| Confidential adolescent information |
| Redesign adolescent note templates to prevent accidental disclosure of confidential information through data that auto-populates in the note. Example: Replace a link that automatically pulls in elements into the patient notes, such as Past Medical History section, with hyperlinks to the section in EHR instead |
| Create a custom psychosocial module that providers could use to document confidential history that was not shared through the patient portal. To encourage use, hyperlinks were embedded in the adolescent note template to connect to the module in the documentation workflow. |
| Encourage providers to document using 2 different notes and only share the note that does not contain sensitive information |
| Default notes generated within certain departments or locations to “do not share,” such as in an adolescent health division or family planning center |
| Create tiered accounts for the proxy of adolescent user, with differing levels of access to clinical notes |
| Child abuse/neglect |
| Create a specific “Child Abuse” note type or other general confidential note type to document this information |
| Prevent any note written in department(s) responsible for child abuse evaluations (such as a child advocacy center) from being shared through the patient portal |
| Create confidential child abuse encounter types where no generated data elements are shared |
| Confidential maternal information |
| Use a confidential note type to document sensitive maternal information in either or both the maternal and infant/pediatric charts |
| Remove or reduce links that automatically import maternal history into a newborn note |
| Utilize EHR functionality where certain text dissapears from a note after signing as a type of decision support to encourage providers to be mindful of sensitive maternal content |
Table 3 reflects summarized comments from interviewees, combined into themes to highlight practical approaches to protect sensitive information in 3 key areas of concern.
These strategies are not without their challenges. For example, interviewees noted concerns about changes in workflows when documenting in 2 different notes for adolescents. Also, interviewees who worked at integrated adult/pediatric centers mentioned that it could be challenging to communicate the complexity of adolescent confidentiality to adult providers who only occasionally see pediatric patients. Disseminating clinician and staff education about adolescent confidentiality to affiliated but remote sites that share the same EHR instance was another challenge noted.
Distinguishing sensitive from non-sensitive labs, images, problem lists, and medications
Organizations had varying capabilities of distinguishing sensitive from non-sensitive data elements (Table 2). Those who were able to distinguish sensitive from non-sensitive data elements chose to either not share sensitive elements at the system level or default those elements to not share with the ability for manual override by providers. Methods of identifying sensitive elements within a data class included the formation of expert panels to determine which specific elements would be deemed sensitive. Alternatively, some organizations deemed elements sensitive if the element (eg, ordered lab) was associated with a diagnosis that was considered sensitive (eg, sexually transmitted infection screening). One organization utilized a confidential order panel, where all items in the order panel are set to “not share” with the ability for manual override.
Discussion
Variability in implementation practices
Over a year after federal information blocking provisions were implemented, we found considerable variability in the way the rules have been implemented at the institutions interviewed, including variation in data segmentation capabilities and access policies. Notable differences were identified even between organizations with certain similarities, such as those operating under the same state regulations, those with similar patient populations or structure (eg, standalone children’s hospitals), and those within similar practice locations (eg, urban or rural/suburban). In concordance with prior literature, organizations in our survey cited technical feasibility and legal restrictions as challenges to implementation.15,21 Additionally, some organizations mentioned limited resources dedicated to implementation. These factors influence on each organization likely contribute to the variability in implementation noted.
Variability in the way information is shared across institutions and across state lines can create confusion for providers and for patients.15,19,21,23,24 Such data sharing becomes especially important with increased interoperability—for example, laboratory results from one institution may be visible in the EHR of another institution and subject to different types of protection or state-level regulations.21
All 50 states have unique laws regarding adolescent care which specify specific use cases, such as screening for sexually transmitted infections, where an adolescent is guaranteed confidential care.17,19,21,23 As EHI is increasingly shared between organizations across states lines, heightened attention to potential legal implications around privacy is warranted, with particular considerations around adolescent confidentiality as well as pregnancy-related EHI in the post-Roe era.21,24,25 In addition to patient privacy issues, variability in data sharing practices across organizations can result in patients, parents, and care teams having incomplete information, often without realizing the information is incomplete.
Privacy and methods of data segmentation
Confidential information can be interspersed throughout a patient’s chart and is often intermixed with non-confidential information.4,6–11 Additionally, what information is considered confidential can be unique to each patient—for example, while some adolescents may be comfortable sharing their gender identity and sexual orientation with their parents, others may want that information to be private. In our study, although there was variability in the overall implementation plans regarding confidentiality, certain general trends in how organizations chose to segment confidential data at different levels and granularity were noted.
Most organizations segmented data at varying levels of granularity: for example, segmenting data at the data class, data element, or encounter level. Additionally, most organizations segmented data at multiple levels (for example, restricting certain data classes from a user type, while sharing other classes with the same user type, but restricting sensitive elements within those classes). Among the respondents, we noted variation in whether organizations allowed the provider to make decisions on segmenting certain sensitive elements versus allowing the system to make that decision. System-level decisions tend to be more generalized, simplify workflows, and may improve usability for providers but cannot be customized to the individual patient. Alternatively, giving end-users the ability to share or not share sensitive information at the patient level provides flexibility and granularity; however, this workflow places increased responsibility on providers, who may be already burdened with other cognitive tasks, to protect confidentiality. Many institutions using the latter approach minimized the occurrence of unintended disclosures by use of default settings protecting sensitive content (defined at the organization level) that providers could then choose to override.
The American Academy of Pediatrics (AAP) endorses the recommendation by The North American Society for Pediatric and Adolescent Gynecology (NASPAG) and the Society for Adolescent Health and Medicine (SAHM) that organizations should utilize unique patient portal account types to segment data.7,26 All institutions surveyed employed different portal account types and many had different security settings for each unique portal account. Recent studies have shown that portal account types are often linked to the wrong user (for example, a parent may be accessing an adolescent’s account).25 Organizations relying on segmenting data differently to different portal account types may need to start identifying and rectifying issues with inappropriate access.
Clinical notes, a data class defined in the USCDI v1, generally contain the most comprehensive and detailed history and evaluation for a patient.10,11,27,28 One notable finding in this study was that while several organizations had robust measures in place to protect sensitive content in clinical notes written for adolescent patients, the same was not true for clinical notes written for pediatric patients, except for in certain circumstances such as child abuse evaluations. According to Lee et al.,27 sensitive information can be found in clinical notes in all contexts and are not limited to only adolescent patients or to certain specialties. Future directions for organizations may include focusing on recognition and protection of sensitive information in all clinical documentation.
Limitations
Since the time of interviews, information sharing requirements have continued to expand—including the requirement to share all EHI upon request as of October 2022, and to allow export of the entire record by December 31, 2023.2 This study focused on the implementation practices when the definition of electronic health information was limited to the data classes listed in the USCDI v1. Additional limitations of the study include that the authors were reliant on interviewers for all gathered information regarding institutional practices. Participating organizations all identified as academic medical centers, and all utilized 1 of 2 EHR vendors. Although our sample of 10 institutions interviewed represent experiences influenced by a variety of regional policies and practices, they do not provide a comprehensive representation of approaches taken throughout United States.
Conclusion
Since the ONC’s final rules related to information blocking were released, organizations have diligently tried to comply with the rules while caring for their pediatric and adolescent populations. In this study, no two organizations responded to the regulations identically, indicating difficulties in interpretation of the regulations and compliance from a technical standpoint. Variability in data sharing practices across institutions could lead to unintended disclosures of confidential information, resulting in patient harm. Improvements in more granular data segmentation capabilities from EHR vendors would help with both implementation as well as optimizing sensitive EHI sharing for all patients. Additionally, more clarification from the ONC on pediatric and adolescent privacy protection and national best practice guidelines for pediatric data sharing are needed.
Supplementary Material
Acknowledgments
We thank the following persons for their contributions to this project: each of the representatives interviewed from the 10 organizations for participating in our study; Dr Bimal Desai (Children’s Hospital of Philadelphia, Perelman School of Medicine at the University of Pennsylvania), Dr Kenn Mandl (Boston Children’s Hospital and Harvard Medical School), and Dr Marianne Sharko (Weill Cornell Medicine, Department of Population Health Sciences and Pediatrics) for their contribution to the web-based survey; and to all those who attended the 2 initial video conference meetings discussing challenges to implementation.
Contributor Information
Shikha Sinha, Department of Informatics, Geisinger Health System, Danville, PA 17821, United States; Department of Biomedical and Health Informatics, Children’s Hospital of Philadelphia, Philadelphia, PA 19146, United States.
Michael Bedgood, Department of Pediatrics, Stanford University School of Medicine, Palo Alto, CA 94304, United States; California Department of Public Health, Coronavirus Science Branch, Richmond, CA 94804, United States.
Raghuveer Puttagunta, Department of Informatics, Geisinger Health System, Danville, PA 17821, United States; Department of Pediatrics, Geisinger Health System, Danville, PA 17821, United States.
Akaash Kataria, Department of Informatics, Geisinger Health System, Danville, PA 17821, United States; Department of Pediatrics, Geisinger Health System, Danville, PA 17821, United States.
Fabienne Bourgeois, Department of Pediatrics, Boston Children’s Hospital, Boston, MA 19148, United States.
Jennifer A Lee, Department of Pediatrics, College of Medicine, The Ohio State University, Columbus, OH 43210, United States; Divisions of Pediatric Gastroenterology and Clinical Informatics, Hepatology, and Nutrition, Nationwide Children’s Hospital, Columbus, OH 43205, United States.
Jennifer Vodzak, Department of Informatics, Geisinger Health System, Danville, PA 17821, United States; Department of Pediatrics, Geisinger Health System, Danville, PA 17821, United States.
Eric Hall, Research Institute, Geisinger Health System, Danville, PA 17821, United States.
Bruce Levy, Department of Informatics, Geisinger Health System, Danville, PA 17821, United States; Geisinger Commonwealth School of Medicine, Scranton, PA 18510, United States.
David K Vawdrey, Department of Informatics, Geisinger Health System, Danville, PA 17821, United States.
Author contributions
S.S. conceptualized and designed the study, designed the data collection instruments, collected data, carried out initial analysis, drafted the initial manuscript, and critically reviewed and revised the manuscript. M.B., R.P., and A.K. designed the study, designed the data collection instruments, collected data, carried out initial analysis, and critically reviewed and revised the manuscript. F.B., J.V., and J.A.L. critically reviewed and revised the manuscript. E.H. and B.L. conceptualized and designed the study, and critically reviewed and revised the manuscript. D.K.V. conceptualized and designed the study, designed the data collection instrument, and critically reviewed and revised the manuscript. All authors approved the final manuscript as submitted and agree to be accountable for all aspects of the work.
Supplementary material
Supplementary material is available at Journal of the American Medical Informatics Association online.
Funding
This project was conducted without any specific funding support.
Conflicts of interest
None declared.
Data availability
The data underlying this article cannot be shared publicly to protect the privacy of the individuals who participated in the study, and the organizations they represented. The data will be shared on reasonable request to the corresponding author, with permission from the participating individuals.
References
- 1. Office of the National Coordinator for Health Information Technology. Information Blocking. Accessed September 2022. https://www.healthit.gov/topic/information-blocking.
- 2. Office of the National Coordinator for Health Information Technology. ONC’s Cures Act Final Rule. Accessed September 2022. https://www.healthit.gov/topic/oncs-cures-act-final-rule.
- 3. Office of the National Coordinator for Health Information Technology. 21st Century Cures Act: interoperability, information blocking, and the ONC health IT certification program. Fed Register. 2020;85(85):25642-25961. [Google Scholar]
- 4. American Academy of Pediatrics. What Pediatricians Need to Know About the 21st Century Cures Act Interoperability Final Rule. Accessed November 8, 2022. aap.org.
- 5. U.S. Department of Health & Human Services. Health Information Privacy. Accessed November 2022. https://www.hhs.gov/hipaa/for-professionals/faq/2042/what-personal-health-information-do-individuals/index.html.
- 6. Sinha S, Puttagunta R, Vodzak J.. Interoperability and information-blocking rules: implications for pediatric and adolescent health care professionals. JAMA Pediatr. 2021;175(10):997-998. 10.1001/jamapediatrics.2021.2077 [DOI] [PubMed] [Google Scholar]
- 7. Carlson J, Goldstein R, Hoover K, et al. NASPAG/SAHM statement: the 21st Century Cures Act and adolescent confidentiality. J Pediatr Adolesc Gynecol. 2021;34(1):3-5. 10.1016/j.jpag.2020.12.015 [DOI] [PubMed] [Google Scholar]
- 8. Pageler NM, Webber EC, Lund DP.. Implications of the 21st Century Cures Act in pediatrics. Pediatrics 2021;147(3):e2020034199. 10.1542/peds.2020-034199 [DOI] [PubMed] [Google Scholar]
- 9. Arvisais-Anhalt S, Lau M, Lehmann CU, et al. The 21st Century Cures Act and multiuser electronic health record access: potential pitfalls of information release. J Med Internet Res. 2022;24(2):e34085. 10.2196/34085 [DOI] [PMC free article] [PubMed] [Google Scholar]
- 10. Bourgeois FC, DesRoches CM, Bell SK.. Ethical challenges raised by OpenNotes for pediatric and adolescent patients. Pediatrics 2018;141(6):e20172745. 10.1542/peds.2017-2745 [DOI] [PubMed] [Google Scholar]
- 11. Sarabu C, Pageler N, Bourgeois F.. OpenNotes: toward a participatory pediatric health system. Pediatrics 2018;142(4):e20180601. 10.1542/peds.2018-0601 [DOI] [PubMed] [Google Scholar]
- 12. Kelly MM, Thurber AS, Coller RJ, et al. Parent perceptions of real-time access to their hospitalized child’s medical records using an inpatient portal: a qualitative study. Hosp Pediatr. 2019;9(4):273-280. 10.1542/hpeds.2018-0166 [DOI] [PMC free article] [PubMed] [Google Scholar]
- 13. Kelly MM, Hoonakker PLT, Nacht CL, et al. Parent perspectives on sharing pediatric hospitalization clinical notes. Pediatrics 2023;151(1):e2022057756. 10.1542/peds.2022-057756 [DOI] [PMC free article] [PubMed] [Google Scholar]
- 14. Lee JA, Miller SD, Mezoff EA, Screws J, et al. The 21st Century CURES Act in pediatric gastroenterology: problems, solutions, and preliminary guidance. J Pediatr Gastroenterol Nutr. 2021;72(5):700-703. 10.1097/MPG.0000000000003117 [DOI] [PubMed] [Google Scholar]
- 15. Sisk BA, Antes AL, Bereitschaft C, et al. Challenges to developing and implementing policies for adolescent online portal access. Pediatrics 2023;151(6):10-1542. /peds.2023-061213 [DOI] [PubMed] [Google Scholar]
- 16. American Academy of Pediatrics. Guiding Principles for Information Sharing and Blocking in Pediatric Care. Accessed November 8, 2022. https://www.aap.org/en/practice-management/health-information-technology/guiding-principles-for-information-sharing-and-blocking-in-pediatric-care/.
- 17. Maslyanskaya S, Alderman EM.. Confidentiality and consent in the care of the adolescent patient. Pediatr Rev. 2019;40(10):508-516. 10.1542/pir.2018-0040 [DOI] [PubMed] [Google Scholar]
- 18. Hagan JFSJ, Duncan PM.. Bright Futures: Guidelines for Health Supervision of Infants, Children, and Adolescents. 4th ed.American Academy of Pediatrics; 2017. [Google Scholar]
- 19. Pasternak RH, Alderman EM, English A.. 21st Century Cures Act ONC rule: implications for adolescent care and confidentiality protections. Pediatrics 2023;151(Suppl 1):e2022057267K. [DOI] [PubMed] [Google Scholar]
- 20. Bedgood M, Kuelbs CL, Jones VG, et al. Organizational perspectives on technical capabilities and barriers related to pediatric data sharing and confidentiality. JAMA Netw Open. 2022;5(7):e2219692. 10.1001/jamanetworkopen.2022.19692 [DOI] [PMC free article] [PubMed] [Google Scholar]
- 21. Sharko M, Jameson R, Ancker JS, et al. State-by-state variability in adolescent privacy laws. Pediatrics 2022;149(6):e2021053458. 10.1542/peds.2021-053458 [DOI] [PubMed] [Google Scholar]
- 22. Sharko M, Wilcox L, Hong MK, et al. Variability in adolescent portal privacy features: how the unique privacy needs of the adolescent patient create a complex decision-making process. J Am Med Inform Assoc. 2018;25(8):1008-1017. 10.1093/jamia/ocy042 [DOI] [PMC free article] [PubMed] [Google Scholar]
- 23. Guttmacher Institute. An Overview of Consent to Reproductive Health Services by Young People. 2022. Accessed October, 2022. https://www.guttmacher.org/state-policy/explore/overview-minors-consent-law.
- 24. Clayton EW, Embí PJ, Malin BA.. Dobbs and the future of health data privacy for patients and healthcare organizations [published correction appears in J Am Med Inform Assoc. 2022 Oct 04]. J Am Med Inform Assoc. 2022;30(1):155-160. 10.1093/jamia/ocac155 [DOI] [PMC free article] [PubMed] [Google Scholar]
- 25. Ip W, Yang S, Parker J, et al. Assessment of prevalence of adolescent patient portal account access by guardians. JAMA Netw Open. 2021;4(9):e2124733. 10.1001/jamanetworkopen.2021.2473 [DOI] [PMC free article] [PubMed] [Google Scholar]
- 26. Wyckoff A. AAP Endorses Statement Raising Awareness of Teen Confidentiality Issues in Cures Act. 2021. Accessed September 2022. https://publications.aap.org/aapnews/news/17335.
- 27. Lee J, Yang S, Holland-Hall C, et al. Prevalence of sensitive terms in clinical notes using natural language processing techniques: observational study. JMIR Med Inform. 2022;10(6):e38482. 10.2196/38482 [DOI] [PMC free article] [PubMed] [Google Scholar]
- 28. Parsons CR, Hron JD, Bourgeois FC.. Preserving privacy for pediatric patients and families: use of confidential note types in pediatric ambulatory care. J Am Med Inform Assoc. 2020;27(11):1705-1710. 10.1093/jamia/ocaa202 [DOI] [PMC free article] [PubMed] [Google Scholar]
Associated Data
This section collects any data citations, data availability statements, or supplementary materials included in this article.
Supplementary Materials
Data Availability Statement
The data underlying this article cannot be shared publicly to protect the privacy of the individuals who participated in the study, and the organizations they represented. The data will be shared on reasonable request to the corresponding author, with permission from the participating individuals.