Nextech Named 2024 Best in KLAS: Ambulatory Specialty EHR

«  View All Posts


EHR Mandates Now Have Teeth. Get On Board to Avoid Penalties

By: Courtney Tesvich | March 12th, 2024

EHR Mandates Now Have Teeth. Get On Board to Avoid Penalties Blog Feature

EHR mandates became law in 2016, with enforcement penalties starting in 2024. This may feel like a new requirement, but it’s been 15 years in the making.

Electronic health records (EHRs) have come a long way since they were first mentioned in U.S. legislation in 2009. At that time, an EHR mandate was seen as a necessary incentive to convince paper-based medical providers to go to the trouble of making the digital switch.

Today, implementing an EHR is a lot more carrot, a lot less stick. Modern EHR software is more powerful, easier to use, and easier to implement than ever before. It offers compelling benefits to both patients and practices.

While better care and business growth are the best reasons to implement an EHR, the government is still incentivizing EHR adoption with its most potent tool: a mandate that, starting in 2024, carries financial penalties for providers who fail to comply.

EHR Legislation Timeline






Introduced to safeguard the privacy and security of patient health data


Includes HITECH, which provided financial incentives to healthcare providers to promote the meaningful use of electronic records

21st Century Cures Act

Intended to accelerate innovation and new product development in healthcare technology; promotes interoperability of EHR systems and penalizes “information blocking”


What Is the EHR Mandate?

Mandatory use of electronic health records is a component of the 21st Century Cures Act, passed in 2016.

The Cures Act updated the regulations of HITECH, passed in 2009. HITECH offered financial incentives to practices that switched their paper-based records to a digital format. It began penalizing noncompliant providers in 2014.

Seven years later, the Cures Act went a step further.

First, HITECH required practices to implement electronic medical records (EMRs), essentially a digital version of paper charts. The Cures Act required EHRs – which, unlike EMRs, are interoperable, easily shared and collaborated on between providers.

Second, the Cures Act went from encouraging EHR use to requiring it. Since it passed, electronic sharing of health information is the expected norm in U.S. healthcare.

Why Make EHRs Mandatory?

By requiring EHR adoption, the Cures Act seeks to achieve twin goals: empowering patients to play an active role in their own healthcare and promoting interoperability between medical providers.

The Cures Act puts clear parameters around what HITECH called “meaningful use” of EHR technology. It defines patients’ rights to access, supports application development, and standardizes technology so EHR systems can securely transmit information across providers.

The Act also prohibits “information blocking.” Information blocking occurs when a healthcare provider or a technology provider withholds information protected by the act’s standards of interoperability.

What Is MIPS?

MIPS, the Merit-based Incentive Payment System, launched in 2017. It ties providers’ Medicare reimbursement levels to quality scores rather than patient volume.

Practices are scored on their quality of care, whether their systems are interoperable with those of other providers, activities that promote improvement, and cost.

The composite score determines the practice’s Medicare payment adjustment. High-scoring practices may qualify for a bonus, while low-scoring practices are assessed a penalty.

Because promoting interoperability specifically requires a practice to use an EHR, and that component makes up 25% of the composite score, practices that don’t use recognized software automatically qualify for a penalty.

Not every medical practice participates in MIPS. Medicare reimbursements aren’t a consideration in all specialties, particularly aesthetics and cosmetic plastic surgery. Nonetheless, these practices are also required to meet standards for interoperability and patient access.

What Is Meaningful Use?

Meaningful use” is a cornerstone of EHR mandates. It’s intended to ensure EHRs are effectively applied to achieve the goal of the law.

Without meaningful use, practices could install useless software just for show, without actually keeping shareable electronic health records.

Under the law, meaningful use of EHR technology:

  • Improves the quality, safety, and efficiency of care
  • Reduces healthcare disparities
  • Engages patients and their families
  • Improves care coordination between providers
  • Improves population health and public health
  • Ensures the privacy and security of personal health information (PHI)

How Does the EHR Mandate Work With HIPAA?

HIPAA was passed in 1996 to protect the privacy of a patient’s personal health information. Meanwhile, the Cures Act was passed to promote the flow of information between practices.

It might seem like the two laws are at cross purposes: one wants to keep information secure, the other wants it to be easy to share.

In fact, HIPAA always included a privacy rule that established an individual’s rights to view or receive copies of their health records. The Cures Act operates in the same spirit: It empowers patients to access and use their PHI, and to share it with other providers caring for their health.

The Cures Act adds clarity to what HIPAA calls “covered entities” — the people and organizations authorized to view PHI. Its purpose is to enable a smoother, more efficient flow of information between these entities.

What Are the Penalties for Not Complying With the EHR Mandate?

Providers who don’t comply with the EHR mandate significantly reduce their Medicare reimbursements. Possible penalties include a reduced reimbursement rate through MIPS and ineligibility to participate in the Medicare Shared Savings Program.

To providers who are comfortable with their paper-based system, the penalties might seem worth avoiding the trouble of an EHR switch. But the best reason to switch to an EHR isn’t avoiding penalties — it’s taking advantage of all the benefits.

And switching is not nearly as burdensome as it once was. In fact, the switch – including entering data from paper records into the system, setting up the infrastructure, and training staff – can be accomplished in a few months and may not even require the practice to shut down.

Once implemented, an EHR gives providers insights to provide better patient care; eliminates after-hours charting; keeps cleaner, more organized records; and enables a practice to see more patients per day with no decrease in the quality of visits.


When did EMR mandates start?

The first EHR mandate was actually the EMR Mandate, a provision of the HITECH Act of 2009.

HITECH required all healthcare providers to convert medical charts to a digital format by 2014. As of 2015, providers not in compliance were penalized through reduced Medicare reimbursements.

When did electronic health records become mandatory?

Electronic health records (EHRs) are more advanced and useful digital records than electronic medical records (EMRs).

In 2016, the 21st Century Cures Act incentivized the adoption of robust EHR systems over the more limited and less shareable EMRs required by HITECH.

Penalties for not complying with the EHR mandate take effect in 2024.

Why did we move from paper charting to EHRs?

EHRs allow for better patient care than paper charts. They offer:

  • Better collaboration between healthcare providers
  • Reduced medical errors
  • Greater patient engagement
  • Better patient outcomes
  • Reliable health data tracking

Legislators passed the EHR mandate because they viewed these advantages as opportunities to improve population and public health.

Are there exceptions to the Cures Act?

The 2020 Cures Act Final Rule established five exceptions that allow providers to withhold health information without being charged with information blocking. The exceptions are:

  • Preventing harm (there is reason to believe releasing information will put the patient or another person at risk of harm)
  • Privacy (releasing the requested information would violate HIPAA or another privacy law)
  • Security (the requested release poses a specific risk to the confidentiality, integrity, and availability of electronic health information)
  • Infeasibility (the provider can’t release the information due to circumstances outside their control, such as a natural disaster)
  • Health IT performance (if the provider’s IT system is down or undergoing maintenance, the request can be delayed until the system is operational)


Courtney Tesvich-VPRegulatory&ComplianceCourtney Tesvich is a registered nurse with more than 20 years in the healthcare field, 15 of which have been focused on quality improvements and regulatory compliance. She also holds an MBA and a master’s in jurisprudence in Health Law and Corporate Compliance. As VP of Regulatory and Compliance at Nextech, Courtney is responsible for ensuring that Nextech’s products meet government certification requirements and client needs related to the regulatory environment, as well as monitoring overall corporate compliance.

Heading to Boston for ASCRS?

We'll be there! Visit Nextech to learn about our unified EHR and practice management solution and join us for a special evening event. Schedule time with us!

2024_LShow_ASCRS - Boston - OPH_v1_Social