The constant waves of change that sweep the healthcare regulatory landscape ensure optimal care delivery to patients. Undoubtedly, putting the patient at the center is the core philosophy upon which the foundation of value-based healthcare rests. To strengthen this foundation, the ONC and CMS have issued two final rules of the 21st Century Cures Act, bringing under its purview healthcare IT vendors, providers, and patients. With the timeline for compliance fast approaching, we discuss the two final rules and the critical implications for healthcare IT developers and providers.

Rule# 1: Inhibit information blocking

One of the key stipulations of the final rule for healthcare is preventing information blocking, defined by the federal government as “a practice by a health IT developer of certified health IT, health information network, health information exchange, or health care provider that, except as required by law or specified by the Secretary of Health and Human Services (HHS) as a reasonable and necessary activity, is likely to interfere with access, exchange, or use of electronic health information (EHI).” This rule seeks to minimize anti-competitive behaviors. For example, currently, there are some provisions set by EHR vendors to prevent the sharing of certain types of information about the EHRs in use, such as screenshots or videos. This rule updates certification requirements for health IT developers. It establishes new provisions so that there are no limitations in the sharing of such information. This rule also stipulates that EHRs provide clinical data necessary through the USCDI (US Core Data for Interoperability) to ensure vital patient information can be accessed wherever required. It will also ensure that data can be accessed across the healthcare system. There are, however, a few exceptions to this rule:

a) Prevention of harm

b) Privacy

c) Security

d) Infeasibility

e) Health IT performance

f) Content and Manner

g) Fees

h) Licensing

Rule #2: An open technology ecosystem

This rule is around interoperability, or rather, encouraging open APIs in application development to allow patients’ unmitigated access to their data. This rule requires using modern computing standards and APIs that give patients access to their health information on any digital device they prefer. Referred to as the Patient Access API, this ensures patients can take their data with them as they move from provider to provider throughout the healthcare system. The requirement for an open ecosystem is good news for healthcare IT developers. It paves the way for sharing best practices among vendors, leading to more cutting-edge healthcare technology innovation.

It’s time to comply

The rules put the patient at the center – as it always should be. It will ensure a seamless transition of information, unmitigated access to data wherever and whenever care is required, and pave the way for greater healthcare tech innovation. The rules can seem challenging to comply with for certified healthcare IT vendors, considering the strict timelines. An experienced healthcare transformation partner can help see this through. With over 20+ years of experience in servicing multi-million-dollar projects at some of the top healthcare vendors in the US, we have armed ourselves with the knowledge and skills required to traverse this complex regulatory landscape.

In the next part of this blog series, we will discuss in detail the implications of the 21st Century Cures Act final rules for providers.

Please write to us at to see how we can help you comply with these new rules.

HealthAsyst Blogging Community

The HealthAsyst Blogging Community comprises key thought leaders with decades of experience in the Healthcare IT Services industry. Their expertise ranges from product engineering, implementation, healthcare regulation, managed services to applications of data science and analytics in healthcare.
Close Menu