21s Century Cures Act: A Guide to Understanding for Those without a PhD

Sometimes government does pass laws with well-intentioned motives. The 21st Century Cures Act (Cures Act) is a good example. Less frequent is the passage of laws that are simple and easy to understand. Perhaps significant endeavors require complexity. Regardless, interpretation and compliance fall on our shoulders.

Let’s look at the most immediately relevant aspects of the Cures Act. Trying to address the entire Cures Act, even summarized, can be overwhelming.

The Cures Act applies to the following, also referred to as actors.

A revised timeline was provided in late October. This timeline contains more than just the immediately relevant items. However, we do need to have in the back our mind a concept of the end goal.

Compliance dates include:

April 5, 2021

Information blocking provisions
Information blocking CoC/MoC requirements
Assurances CoC/MoC requirements
API CoC/MoC requirement – compliance for current API criteria
Communications CoC/MoC requirements (except for the notice requirement for 2020)

December 31, 2022

2015 edition health IT certification criteria updates (except EHI export, which is extended until December 31, 2023)
New standardized API functionality

April 1, 2022 to March 31, 2023

Submission of initial attestations
Submission of initial plans and results of real-world testing Here we will be focusing only on the items with a compliance date of April 5, 2021. These fall into the category of information blocking provisions and requirements. Determining how to apply this depends on what type of actor you are. The following constitutes information blocking and applies to all actors.
Information blocking provisions include:
Imposing formal or informal restrictions on access, exchange, or use of EHI
Implementing health information technology in ways that are likely to restrict the access, exchange, or use of EHI
Discouraging efforts to develop or use interoperable technologies or services
Discrimination that frustrates or discourages efforts to enable interoperability
Rent-seeking and opportunistic pricing practices that make information sharing cost prohibitive

However, there are exceptions to the information blocking rules.

Allowable information blocking exceptions:

Practices that are likely to interfere with access, exchange, or use of EHI may be justified if the practices are reasonable and necessary to prevent harm to a patient or another person
An actor does not have to fulfill a request to access, exchange, or use EHI in a way that is prohibited under state or federal privacy laws
Practices that are likely to interfere with access, exchange, or use of EHI may be justified in order to safeguard EHI when the practice is tailored to specific security
Legitimate practical challenges may limit an actor’s ability to comply with requests for access, exchange, or use of EHI
Reasonable and necessary practices that temporarily make health IT unavailable or that degrade the health IT’s performance may be permitted for regular maintenance
It is permissible to limit the content of a response to a request to access, exchange, or use EHI or to limit the manner in which the request is fulfilled if content and manner conditions are met
Actors may charge fees, including fees that result in a reasonable profit margin related to the development/provision of technologies and services that enhance interoperability
Reasonable royalties may be charged to protect the value of actors’ innovations and allow actors to earn returns on investments made to develop, maintain, and update those innovations

The remaining information blocking items related to CoC/MoC requirements are applicable to actors developing applications and interfaces. Typically, these are the health information networks and health IT developers. However, as applications and interfaces are implemented, it will also be the responsibility of healthcare providers to ensure Cures Act requirements are being met.

Lastly, here is what you can do now to prepare for the Cures Act.

Step 1: Evaluate existing processes for providing information

Step 2: Identify tools, systems, and applications that hold data elements

Step 3: Map data fields to Health Level 7 (HL7) transaction sets

Step 4: Access strategy and develop implantation plan

Kevin Cornwell can be reached at 502-566-1011 or kcornwell@ddaftech.com