window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-72416617-1');

21st Century Cures Act: A guide to understanding for those without a PhD, Part 1

Navigate to:Home:21st Century Cures Act: A guide to understanding for those without a PhD, Part 1

21st Century Cures Act: A guide to understanding for those without a PhD, Part 1

By: Dean Dorton | December 7, 2020

In this blog post, we look at the most immediate, relevant aspects of the Cures Act and how it impacts Healthcare Providers, Healthcare Information Networks, and Health IT Developers.

Healthcare | Technology

Sometimes government does pass laws with well-intentioned motives and the 21st Century Cures Act (Cures Act) is a good example of one. However, government has a much shorter list of passing laws that are simple and easy to understand. Perhaps significant endeavors require complexity. Regardless, interpretation and compliance falls on our shoulders.

Let’s look at the most immediately relevant aspects of the Cures Act. Trying to address the entire Cures Act, even summarized, can be overwhelming.

The Cures Act applies to:

  • Healthcare Providers
  • Health Information Networks
  • Health IT Developers

A revised time line was provided in late October. This time line contains more than just the immediately relevant items, however, we do need to have in the back of our mind a concept of the end goal.

April 5, 2021

  • Information blocking provisions
  • Information Blocking CoC/MoC requirements
  • Assurances CoC/MoC requirements
  • API CoC/MoC requirement – compliance for current API criteria
  • Communications CoC/MoC requirements (except for the notice requirement for 2020

December 31, 2022

  • 2015 Edition health IT certification criteria updates (except EHI export, which is extended until December 31, 2023)
  • New standardized API functionality

April 1, 2022 to March 31, 2023

  • Submission of initial attestations
  • Submission of initial plans and results of real-world testing

We will only be focusing on the items with a compliance date of April 5, 2021 for the remainder. These fall into the category of information blocking provisions/requirements. Determining how to apply this depends on what type of actor you are. The following constitutes information blocking and applies to all actors.

Information Blocking Provisions Include

  • Imposing formal or informal restrictions on access, exchange, or use of EHI

  • Implementing health information technology in ways that are likely to restrict the access, exchange, or use of EHI

  • Discouraging efforts to develop or use interoperable technologies or services

  • Discrimination that frustrates or discourages efforts to enable interoperability

  • Rent-seeking and opportunistic pricing practices that make information sharing cost prohibitive

However, there are exceptions to the information blocking rules.

Allowable Information Blocking Exceptions

  • Practices that are likely to interfere with access, exchange, or use of EHI may be justified if the practices are reasonable and necessary to prevent harm to a patient or another person

  • An actor does not have to fulfill a request to access, exchange, or use EHI in a way that is prohibited under state or federal privacy laws

  • Practices that are likely to interfere with access, exchange, or use of EHI may be justified in order to safeguard EHI when the practice is tailored to specific security

  • Legitimate practical challenges may limit an actor’s ability to comply with requests for access, exchange, or use of EHI

  • Reasonable and necessary practices that temporarily make health IT unavailable or that degrade the health IT’s performance may be permitted for regular maintenance

  • May be permitted to limit the content of a response to a request to access, exchange, or use EHI or the manner in which it fulfills a request if content and manner conditions are met

  • Actors may charge fees, including fees that result in a reasonable profit margin, related to the development/provision of technologies and services that enhance interoperability

  • Protects the value of actors’ innovations and allows the charge of reasonable royalties to earn returns on investments made to develop, maintain, and update those innovations

The remaining items within information blocking related to CoC/MoC requirements are applicable to actors developing applications and interfaces. Typically these are the Health Information Networks and Health IT Developers. However, as applications and interfaces are implemented it will also be the responsibility of the Healthcare providers to ensure Cures Act requirements are being met.

Lastly, here is what you can do now to prepare for the Cures Act.

Step 1: Evaluate existing processes for providing information

Step 2: Identify tools, systems, and applications that hold data elements

Step 3: Map data fields to Health Level 7 (HL7) transaction sets

Step 4: Access strategy and develop implementation plan

Contact Us

Kevin Cornwell, CPA, CISA, CITP
IT Audit Associate Director
502.566.1011 | kcornwell@ddaftech.com

Have a question? Click here to contact this representative.

Previous Next

Related Posts

Unlock your growth potential with practical and strategic business advice.

© 2023 Dean Dorton Allen Ford, PLLC • All Rights Reserved

The matters discussed on this website provide general information only. The information is neither tax nor legal advice. You should consult with a qualified professional advisor about your specific situation before undertaking any action.

We use cookies to improve your experience and optimize user-friendliness. Read our cookie policy for more information on the cookies we use and how to delete or block them. To continue browsing our site, please click ok. Ok
Go to Top