The 21st Century Cures Act promotes collaboration and ease in sharing healthcare data. It also funds research on disease prevention and cures. President Barack Obama signed the act into law in 2016, though healthcare practices had until April 5, 2021, to be compliant with the act’s health IT regulations.
Learn how the 21st Century Cures Act impacts your practice and how Nextech simplifies the delivery of excellent patient care.
The Cures Act is designed to give patients and their providers seamless and secure access to healthcare information. It aims to increase innovation and competition by creating an ecosystem of interoperability that provides patients with more healthcare choices.
First introduced to Congress in 2016, the Cures Act has been in constant evolution over the past eight years. It first received bi-partisan support before being signed into law by the president on Dec. 13, 2016. After, the Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Medicare & Medicaid Services (CMS) reviewed and modified the act.
The U.S. Department of Health and Human Services (HHS) finalized the rules in March 2020. The 21st Century Cures Act's final rules laid out information-blocking practices to protect patients and practices. By April 5, 2021, all healthcare providers had to be compliant with the act.
When first passed, the Cures Act made headlines for its mental health reforms and funding for precision medicine and specific health initiatives, such as cancer research and the Brain Research through Advancing Innovative Neurotechnologies (BRAIN) initiative.
For many practices, however, what’s most important about the 21st Century Cures Act is the IT regulation. This act established data-sharing measures so healthcare information can be shared among practices, healthcare systems, and individual patients.
Since April 5, 2021, the date when all practices had to be compliant, there have been a few updates, as reflected in the timeline below. Practices and certified EHR vendors are expected to stay up to date on these milestones and any that may arise in the future.
A key component of the act is interoperability, or the ability to easily exchange information between healthcare networks.
ONC’s final rule requires all practices and certified EHR vendors to enable interoperability. Supporting this clause often boils down to choosing a certified EHR vendor.
Certified EHR vendors:
Format health data in the style set by U.S. Core Data for Interoperability
Passed in 2003, the HIPAA Privacy Rule created standardized practices to ensure patient data is protected. The act gives patients more control over healthcare data and sets boundaries on how providers can use and share it. The 21st Century Cures Act doesn’t change the rights protected under HIPAA.
When the act was first introduced, there were some concerns it could infringe on HIPAA since HIPAA protects patient data and the Cures Act makes it easier to share. The final rule addresses these concerns, adding regulations around how and when data is shared.
For most healthcare practices, the best way to be compliant with HIPAA and the Cures Act is to find an EHR vendor that meets the healthcare IT regulations set by both.
Perhaps the most important, and often misunderstood, part of the Cures Act is its regulations around information blocking.
ONC defines information blocking as actions that inhibit the “access, exchange, or use of electronic health information.”
Under the Cures Act, providers and health IT companies must ensure any stored data can easily be shared with other practices. If a practice or IT vendor is not upholding this, an information-blocking claim can be made against them.
Easy information sharing isn’t just a regulation. It benefits practices and patients.
Let’s say, for example, a patient is referred by their primary care provider to an ophthalmologist. Under the Cures Act, the primary care provider must transfer the patient’s data to the ophthalmologist. If they were unwilling or unable to because of their health IT system, they would not be compliant with the 21st Century Cures Act.
There are nine instances when information blocking is permitted. These exceptions protect electronic health information (EHI) or commercial interests.
Exception 1: Prevent Harm - an actor shouldn’t share information if they believe the practice will cause harm to the patient or another person.
Exception 2: Protect Privacy - if sharing the information will infringe on a patient’s privacy, the actor should not share.
Exception 3: Ensure Security - the actor should not share EHI if there is reason to believe sharing the data will be insecure.
Exception 4: Infeasibility - if a request is infeasible, an inability to share EHI will not be considered information blocking.
Exception 5: Harm Health IT Performance - when health information is taken offline temporarily for IT updates or maintenance, it is not considered information blocking.
Exception 6: Content and Manner Flexibility - this exception provides flexibility about what information is shared and how an actor fulfills an information request.
Exception 7: Charge Fees - if an actor charges fees in exchange for sharing information, it is not considered information blocking.
Exception 8: Licensing - a vendor can license interoperability elements to protect information about how they store EHI.
Exception 9: TEFCA Manner Exception - if an actor and requestor are part of TEFCA, they can fulfill data-sharing requests through that network.
Under the 21st Century Cures Act, your practice has two options: take on the responsibility of being compliant through in-house resources or work with a compliant EHR company.
Benefits of working with and EHR company:
Nextech EHR software helps practices meet all requirements under the 21st Century Cares Act.
Along with the obvious benefit of following federal regulations, there are some under-the-radar ways a Cures Act-compliant EHR improves healthcare practices:
The right EHR will guide your practice to greater efficiency, higher profitability, and simplified compliance. Nextech is ONC-Health IT 2015 Edition Cures Update Health IT certified.
As of April 5, 2021, all healthcare practices, as well as vendors of certified health IT, must be Cures Act compliant. This means they can easily share information with other software vendors and practices providing care to the same patients. The ONC Cures Act Final Rule considers three categories of “actors” that are regulated by the information blocking section: healthcare providers; health information networks or health information exchanges; and health IT developers of certified health IT.
Information blocking, the intentional practice of not sharing healthcare data with other practices, is forbidden under the Cures Act. That said, there are exceptions. The main ones include blocking information when there are grounds to suspect an actor may harm the patient or someone else with the healthcare data.
The 21st Century Cures Act is separate from HIPAA, though practices must uphold both. HIPAA protects patient data and grants patients ownership of health data. The 21st Century Cures Act requires providers and health IT companies to store data in a standardized way, making it easy to share with other practices, IT vendors, and providers.
EHR companies must be certified through the ONC Health IT Certification Program. To gain this certification, a vendor must provide proof they follow a series of regulations regarding how data is stored, the use of APIs, and their ability to share data without information blocking. To remain certified, vendors must maintain these regulations.