Manage PHR Access
athenaOne Practice Managers and Superusers can use this admin page to view a list of all PHR (Personal Health Record) apps that have access to your tablespace, and enable or disable access.
Note: To manage access for non-PHR apps that are using only Certified APIs, use the Manage Certified API App Access admin page.
How do I get to this page?
On the Main Menu, click Settings 
>Practice Manager. In the left menu,under Practice Links — Certified API Apps, click Manage PHR App Access.
User access and permissions
To access this admin page, you must have one of the following privileges in athenaOne:
- Communicator admin
- Practice Superuser
- Superuser — Clinicals
- Superuser — Collector
- Superuser — Communicator
- Management — Clinicals
- Management — Collector
- Management — Communicator
Step-by-step instructions
To enable or disable PHR apps
- Display the Manage PHR App Access page: On the Main Menu, click Settings >Practice Manager. In the left menu, under PRACTICE LINKS — Certified API Apps, click Manage PHR App Access.
- The Manage PHR App Access page appears, with a list of all Personal Health Record apps that have access to your practice's data.
- Use the search bar to find an app by name.
- Use the toggle under the Enable column to enable or disable the app (blue = enabled, gray = disabled)
-
If you use the toggle to disable an app, a pop-up Warning message will appear. Disabling a PHR app may place your organization at risk of information blocking accusations. For guidance on permitted exceptions, see the 21st Century Cures Act Information Blocking Exceptions.
- Enter CONFIRM in the text box and select Confirm if you wish to continue.
- If you do not wish to continue, select Cancel.
Features and workflows
21st Century Cures Act and Information Blocking Rule
The 21st Century Cures Act establishes new requirements to enhance the facilitation and transmission of healthcare information between doctors, patients, and relevant third parties, while ensuring that patient safety and privacy remain front and center in the healthcare industry.
Under the Cures Act’s Information Blocking Rule, healthcare IT providers and clinicians are forbidden from taking actions (or failing to take actions) that are likely to interfere with the access or exchange of Electronic Healthcare Information.
Manage Personal Health Record apps access
Traditionally for production apps, athenahealth has had an opt-in model where a practice must opt-in to allow an app access to its tablespace. For PHRs, the 21st Century Cures Act requires that these apps have permission to all tablespaces to prevent information blocking for patients. The Cures Act includes permitted exceptions that allow you to block apps that have sufficient evidence of being a “bad actor” (see the 21st Century Cures Act Information Blocking Exceptions for details).
This Manage PHR App Access admin page allows athenaOne Practice Managers and Superusers to enable and disable PHR apps' access to their practice's data.
Notes:
- While a PHR app can have access to your tablespace, the app cannot access a patient's data until that patient has provided the app with consent.
- To manage access for non-PHR apps that are using only Certified APIs, use the Manage Certified API App Access admin page.