22.7 Release: New: athenaOne® Admin Page to Monitor and Control PHR Application Access


This feature provides you with a view of all the Personal Health Record (PHR) apps that have access to your tablespace and thus can access your patients’ data after they provide consent.

While the 21st Century Cures Act prohibits information blocking by requiring that all patients have access to their personal data through PHR apps, the act allows for permitted exceptions. This feature not only allows you to view the apps connected to your tablespace, but also to disable the apps from your tablespace if they meet a permitted exception for your practice.






July 27, 2022 (22.7)


Admin page to view all personal health record (PHR) apps with access to your tablespace and disable access if they meet a 21st Century Cures permitted exception.


  • N/A

Is this a breaking change?

No, this is not a breaking change

Endpoints affected

  • N/A


Refer to the following resources for more information:



21st Century Cures Act and PHR Apps

The 21st Century Cures Act presents new regulations to ensure that patient safety and privacy remain front and center while allowing patients to access their own medical data through Personal Health Record (PHR) apps thus preventing industry practices known as “information blocking”.

What is changing

In accordance with the 21st Century Cures Act, athenahealth has changed its data access model for production apps, specifically for PHRs. Traditionally for production apps, athenahealth has had an Opt-In model where a practice must opt-in to allow an app access to its tablespace. For PHR’s, the Cures Act requires that these apps have permission to all tablespaces to prevent information blocking for patients.


While a PHR app can have access to your tablespace, the app cannot access a patients’ data until that patient has provided the app with consent.

Why we're making this change

At athenahealth, we wanted to provide our customers with the ability to view all the PHR apps that have access to their tablespace as the 21st Century Cures requirements are enforced. To provide visibility into the interoperable PHR connections with your tablespace, we have built a page in athenaOne®.

This admin page will not only allow you to monitor PHR app access to your tablespace, but also allow you to control access. The 21st Century Cures Act includes permitted exceptions to the information blocking laws that allow you to block apps that have sufficient evidence of being a “bad actor”. In the admin page you can disable these apps when warranted (and re-enable if necessary).


Be sure to review the 21st Century Cures information blocking law’s permitted exceptions before disabling an app to prevent your organization from being at risk of information blocking accusations.

What this means to me

Using the "Manage PHR Access" admin page

  1. On the Main Menu, click the Settings icon                                                   .
  2. Under ADMIN, click Practice Manager.
  3. In the Task Bar, under PRACTICE LINKS — Users, click Manage PHR Access.

         A picture containing text description automatically generated

A picture containing textDescription automatically generated

  1. Search the table to view all apps that have access to your tablespace. Use the search bar to find an app by name.
  2. Use the toggle on the right to enable / disable the app (blue = enabled, grey = disabled)
  3. If you use the toggle to disable an app, a pop up will appear to confirm you would like to opt-out of the app. Enter “CONFIRM” in the text box and select “Disable App” if you wish to continue. If you do not wish to continue, select “Cancel”.

Graphical user interface, text, applicationDescription automatically generated

User access and permissions

To access this admin page, you must have one of the following privileges in athenaOne:

  • Communicator admin 

  • *Practice Superuser 

  • Superuser – Clinicals 

  • Superuser – Collector 

  • Superuser – Communicator 

  • Management – Clinicals 

  • Management – Collector 

  • Management - Communicator 

Workflow scenario

  1. John Smith, a Practice Superuser at Seven Hills Medical Group, has heard from several patients that they are unfamiliar with the PHR app, Supreme Health, which is asking to access their data.
  2. John researches Supreme Health along with the 21st Century Cures information blocking permitted exceptions and deem that Supreme Health meets an exception.
  3. While Supreme Health is only able to gather patient data from Seven Hills Medical Group if a patient grants the app access, John wants to protect his patients’ data.
  4. Given that he is confident that this app meets a Cures information blocking permitted exception, he logs into athenaOne, navigates to the Practice Manager page and select “Manage PHR Access”.
  5. John uses the search bar to search for “Supreme Health” and finds the app in the table on the admin page.
  6. He sees the toggle on the right of the table is enabled, indicating that this app can access a patients’ data in the Seven Hills Medical Group tablespace (if given patient consent). To disable the app from accessing any data in his practice’s tablespace, John slides the toggle to the left.
  7. A popup appears on the screen alerting John that he is about to disable a PHR app which puts his practice at risk of information blocking accusations. John has thoroughly reviewed the Cure’s information blocking permitted exceptions and is confident that this app meets those criteria, so he types “CONFIRM” in the input box and selects “Disable App”.
  8. The pop-up closes and he now sees Supreme Health’s toggle is disabled.
  9. John knows that at any time, he can decide to re-enable the app via the toggle.

What will current users of the endpoint need to update in their code?


What will happen if users of the endpoint do not update their code?


Was this information helpful? Yes | No Thank you for your feedback! What went wrong? Incomplete or incorrect information | Irrelevant Content | Others

On this Page