The 21st Century Cures Act

Cures Act Summary + Final Rule

When first passed, the Cures Act made headlines for its mental health reforms and funding for precision medicine and specific health initiatives, such as cancer research and the Brain Research through Advancing Innovative Neurotechnologies (BRAIN) initiative. 

For many practices, however, what’s most important about the 21st Century Cures Act is the IT regulation. This act established data-sharing measures so healthcare information can be shared among practices, healthcare systems, and individual patients. 

Since April 5, 2021, the date when all practices had to be compliant, there have been a few updates, as reflected in the timeline below. Practices and certified EHR vendors are expected to stay up to date on these milestones and any that may arise in the future.

21st Century Cures Act Interoperability

A key component of the act is interoperability, or the ability to easily exchange information between healthcare networks. 

ONC’s final rule requires all practices and certified EHR vendors to enable interoperability. Supporting this clause often boils down to choosing a certified EHR vendor.

Certified EHR vendors:

• Place data from the diagnostic devices you use in your practice into the correct patient record
• Have standardized application programming interface (API) functionality

Format health data in the style set by U.S. Core Data for Interoperability

Cures Act and HIPAA

Passed in 2003, the HIPAA Privacy Rule created standardized practices to ensure patient data is protected. The act gives patients more control over healthcare data and sets boundaries on how providers can use and share it. The 21st Century Cures Act doesn’t change the rights protected under HIPAA. 

When the act was first introduced, there were some concerns it could infringe on HIPAA since HIPAA protects patient data and the Cures Act makes it easier to share. The final rule addresses these concerns, adding regulations around how and when data is shared.

For most healthcare practices, the best way to be compliant with HIPAA and the Cures Act is to find an EHR vendor that meets the healthcare IT regulations set by both.

Information Blocking

Perhaps the most important, and often misunderstood, part of the Cures Act is its regulations around information blocking. 

ONC defines information blocking as actions that inhibit the “access, exchange, or use of electronic health information.”

Under the Cures Act, providers and health IT companies must ensure any stored data can easily be shared with other practices. If a practice or IT vendor is not upholding this, an information-blocking claim can be made against them. 

Easy information sharing isn’t just a regulation. It benefits practices and patients. 

Let’s say, for example, a patient is referred by their primary care provider to an ophthalmologist. Under the Cures Act, the primary care provider must transfer the patient’s data to the ophthalmologist. If they were unwilling or unable to because of their health IT system, they would not be compliant with the 21st Century Cures Act.

21st Century Cures Act information blocking exceptions

There are nine instances when information blocking is permitted. These exceptions protect electronic health information (EHI) or commercial interests.

Exception 1: Prevent Harm - an actor shouldn’t share information if they believe the practice will cause harm to the patient or another person.

Exception 2: Protect Privacy - if sharing the information will infringe on a patient’s privacy, the actor should not share.

Exception 3: Ensure Security - the actor should not share EHI if there is reason to believe sharing the data will be insecure.

Exception 4: Infeasibility - if a request is infeasible, an inability to share EHI will not be considered information blocking.

Exception 5: Harm Health IT Performance - when health information is taken offline temporarily for IT updates or maintenance, it is not considered information blocking.

Exception 6: Content and Manner Flexibility - this exception provides flexibility about what information is shared and how an actor fulfills an information request.

Exception 7: Charge Fees - if an actor charges fees in exchange for sharing information, it is not considered information blocking. 

Exception 8: Licensing - a vendor can license interoperability elements to protect information about how they store EHI.

Exception 9: TEFCA Manner Exception - if an actor and requestor are part of TEFCA, they can fulfill data-sharing requests through that network.

What It Means for Your Practice

Under the 21st Century Cures Act, your practice has two options: take on the responsibility of being compliant through in-house resources or work with a compliant EHR company. 

Benefits of working with and EHR company:

• Easier data access for patients via a secure patient portal
• Protection against unintentional information blocking
• Promoting interoperability on autopilot

Nextech EHR software helps practices meet all requirements under the 21st Century Cares Act.

Learn More

Added Benefits of Cures Act Compliance

Along with the obvious benefit of following federal regulations, there are some under-the-radar ways a Cures Act-compliant EHR improves healthcare practices:

• Increase charting efficiency 
• Improve documentation accuracy
• Reduce administrative burdens
• Optimize financial performance with an all-in-one practice management.
• Improve practice performance, profitability, and patient care

The right EHR will guide your practice to greater efficiency, higher profitability, and simplified compliance. Nextech is ONC-Health IT 2015 Edition Cures Update Health IT certified.

Learn More