The Future of EHR Data Access: What the Recent Court Ruling Means for Healthcare
A landmark ruling in the case of Real Time Medical Systems v. PointClickCare has reshaped the legal landscape for electronic health record (EHR) data access. On March 12, 2025, the United States Court of Appeals for the Fourth Circuit issued a decision that affirms the rights of healthcare providers and their authorized agents to access and share patient data under HIPAA and the 21st Century Cures Act. This ruling sets a critical precedent, clarifying that legally authorized data access cannot be unilaterally blocked by EHR vendors.
This decision has significant implications for healthcare technology providers and practices alike. At HeyDonto, we recognize this ruling as validation of our commitment to transparent, compliant data integration. Our model has always been built around legally sound, provider-authorized data access, and this decision further solidifies that approach.
Key Takeaways from the Court Ruling
Legal Precedence for Provider-Authorized Access: The court confirmed that data access authorized by healthcare providers, especially when supported by Business Associate Agreements (BAAs), is legally protected.
EHR Vendor EULAs Cannot Supersede HIPAA: The ruling found that End User License Agreements (EULAs) used by vendors like PointClickCare cannot override the federal rights granted to covered entities and their business associates. If a provider grants access, and that access is covered by appropriate privacy and security agreements, the vendor cannot block or delay access to data as a competitive tactic.
A Blow Against Information Blocking: The court recognized that arbitrary restrictions on access to data—especially when that data access is authorized by the provider—constitute information blocking. This aligns directly with the Office of the National Coordinator for Health IT’s (ONC) guidance and strengthens enforcement of the Cures Act.
Reduced Risk for Providers and Vendors: Providers no longer need to fear vendor retaliation when working with third-party partners to improve care delivery or streamline operations. By confirming that provider consent overrides restrictive vendor policies, the court upholds a more transparent and interoperable healthcare system.
Impact on Healthcare Technology
For technology providers like HeyDonto, this ruling is crucial. It reinforces the importance of clinic-authorized data access and encourages the use of standardized, FHIR-compliant APIs. Unlike other models that may operate in a legal gray area, HeyDonto’s approach focuses on secure, authorized, and fully auditable data handling, minimizing legal risk for healthcare practices. We act solely as the authorized agent of the provider, operating under fully executed Business Associate Agreements (BAAs) and written Terms of Service.
We do not access any data without explicit, documented consent from the provider, ensuring HIPAA compliance at all times.
Practical Implications for Dental Practices and Tech Partners
You have the right to access your data. This ruling protects your ability to work with integration partners like HeyDonto, even if an EHR vendor pushes back.
You are empowered to innovate. Whether you want to adopt an AI-powered scheduling tool, revenue optimization software, or inventory platform, you can do so with confidence if the solution is properly authorized.
You are now shielded from PMS bullying. The days of vendors using contractual fine print to restrict data access, or penalize innovation efforts, are numbered.
Conclusion
This court ruling represents a significant step forward for healthcare innovation. By validating provider-authorized data access, it ensures that healthcare practices can leverage modern technology without the threat of unfair vendor restrictions. At HeyDonto, we are proud to align our solutions with this new legal standard, providing secure, compliant data integration that supports the future of healthcare.
As the healthcare industry continues to evolve, HeyDonto remains committed to supporting secure, provider-authorized data access that drives better patient outcomes and operational efficiency.
Want to Know More?
If you’re a provider, DSO, or SaaS vendor looking to integrate with EHR systems securely and legally, we’d love to show you how HeyDonto makes it possible. Reach out to us at services@heydonto.com or visit our Trust Center to learn more.