Policy Playbook: The 21st Century Cures Act

Authors: Diana Halloran, MD (Emergency Medicine Resident, Northwestern, @Diana_Halloran) and Summer Chavez, DO, MPH, MPM (Attending Physician, The University of Texas Health Science Center at Houston) // Reviewed by: Alex Koyfman, MD (@EMHighAK) and Brit Long, MD (@long_brit)

What is the issue?

On December 13th, 2016 President Obama signed the 21st Century Cures Act into law.1 In addition to modifying the FDA drug approval process, granting aid to states for fighting the opioid epidemic, and allocating funding to the National Institutes of Health, the Cures Act made changes regarding electronic health records. Section 4001 to 4009 require health care providers to have “meaningful use of EHR”, can penalize health care providers for “engaging in information blocking”, and encourages offering patients access to their own electronic health information.1 Section 4006 states that patients have a “right to access and protect their personal health information”.1  Section 4012 requests information from the Centers for Medicare and Medicaid Services (CMS) regarding Medicare telehealth services.1

This year the Health and Human Services Office of the National Coordinator for Health Information Technology (ONC) and CMS issued rulings built off the Cures Act about access and use of electronic health information.2, 3  The CMS Interoperability and Patient Access final ruling requires programs through Medicaid, Medicare, and CHIP to make patient’s clinical data available via a new Patient Access application planning interface (API).3  This would allow patients to access claims, encounter details, cost breakdown, and clinical information via a third-party application.3  The ONC 21st Century Cures Act final ruling is very similar, calling on the healthcare industry to implement application programming interfaces (API’s) for patient access to their health records and for increased interoperability between electronic health systems.2  The ruling also aims to prevent information blocking and clarifies that patients should be able to access all of their electronic health information.2  There are currently eight exceptions that fall into two categories: exceptions involving not fulfilling requests to access electronic health information, such as security and privacy exceptions, and exceptions involving using electronic health information, such as licensing and content exceptions.4


Why does this matter?

While these regulations strive to give more personal control of electronic health care data to patients there are concerns that the privacy and security of third-party apps will not be stringent enough as many phone apps are not named under the Health Insurance Portability and Accountability Act (HIPAA).5  Currently these concerns have been addressed by HHS by using similar privacy standards as used for travel and banking apps.2  The ability for patients to carry their updated electronic health information with them in the form of a smartphone app can be a huge advantage for emergency physicians. Patients who have come to the emergency department from other states or electronic health systems and patients who are not familiar with their medications or past medical history would greatly benefit from this system – as would the physicians who see them in emergency departments.

Increased interoperability between electronic health systems would be beneficial, especially as emergency physicians must access data on patients from other hospitals and records. These changes might help alleviate the difficulties and frustrations of not being able to see a patient’s health records from different electronic medical systems.5  These changes have been suggested to reduce physician burnout as a result of alleviating current data fragmentation.5  However, physicians might see an increase in administrative burden as a result of new required technology upgrades and ensuring compliance with the regulations.

In addition to increased interoperability the Cures Act will ensure up to date health information sharing with patients – in real time.6 This includes all laboratory data and notes aside from limited exceptions such as information regarding psychotherapy and information that might result in harm or the violation of privacy.6 Physicians should be even more cognizant of what information they are entering into a patient’s personal chart, including medical jargon and personal contact information. The real-time updates have the potential to cause confusion or distress in patients regarding laboratory or imaging results that are not clinically significant. This might require additional conversations and time between the physician and patient to discuss these results and reassure patients.

The consequences of these changes are still unknown as many of these new requirements will not be enforced by CMS until July 1, 2021 and ONC’s compliance date of November 2020 was pushed back to April 5th, 2021 due to the coronavirus pandemic.7


What can I do about it?

  • Become familiar with the Cures Act
  • Become familiar with the proposed rules from ONC and CMS
  • Ask your EHR vendors about potential changes
  • Keep up to date with hospital and department announcements
  • Continue to ensure privacy of EHR


Helpful Resources & Links:


This post was a collaboration between emDocs and the EMRA Health Policy Committee.


  1. Bonamici S. H.R.34 – 21st Century Cures Act. gov. https://www.congress.gov/bill/114th-congress/house-bill/34. Published December 13, 2016.
  2. 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program. Federal Register. https://www.federalregister.gov/documents/2020/11/04/2020-24376/information-blocking-and-the-onc-health-it-certification-program-extension-of-compliance-dates-and Published May 1, 2020.
  3. Reducing Provider and Patient Burden by Improving Prior Authorization Processes and Promoting Patients’ Electronic Access to Health Information. CMS. https://www.cms.gov/Regulations-and-Guidance/Guidance/Interoperability/index Published December 14, 2020.
  4. Information Blocking. HealthIT.gov. https://www.healthit.gov/topic/information-blocking. Published November 23, 2020.
  5. Davis J. HHS Releases Long-Awaited HIT Regs. American College of Emergency Physicians. https://www.acep.org/federal-advocacy/federal-advocacy-overview/regs–eggs/regs–eggs-articles/regs–eggs—march-12-2020 Published March 12, 2020.
  6. UCDavis Health. Ensuring Interoperability and Information Sharing 21st Century Cures Act and Open Notes FAQs. UCDavis Health. https://health.ucdavis.edu/media-resources/contenthub/health-news/2020/10/pdf/FAQs-for-OpenNotes-Ensuring Interoperability-Oct-2020.pdf. Published October 2020.
  7. S. Department of Health and Human Services. HHS Extends Compliance Dates for Information Blocking and Health IT Certification Requirements in 21st Century Cures Act Final Rule. HHS.gov. https://www.hhs.gov/about/news/2020/10/29/hhs-extends-compliance-dates-information-blocking-health-it-certification-requirements-21st-century-cures-act-final-rule.html. Published October 29, 2020.

Leave a Reply

Your email address will not be published. Required fields are marked *