top of page

What To Expect After The Passing of The 21st Century Cures Act

Updated: Sep 7, 2023

With new laws come new standards. As a third-party platform that allows disconnected databases to communicate and drive patient engagement, we are helping hospitals and health systems usher in the new standard of healthcare technology as defined by the 21st Century Cures Act.

Things to be aware of regarding information blocking enforcement penalties set to begin Sept. 1, 2023

- The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) recently posted the final rule establishing civil monetary penalties (CMPs) for information blocking (IB Enforcement Rule).

- The IB Enforcement Rule applies to health IT developers of certified health IT, entities offering certified health IT, HIEs and HINs.

- Healthcare providers are exempt from CMPs unless the provider also meets the definition of one of the entities subject to CMPs. The Office of the National Coordinator for Health Information Technology (ONC) has previously issued rulemaking and additional guidance around assessing when a healthcare provider may also be a health IT developer or considered to be offering certified health IT. (See the Holland & Knight alert, "ONC Proposes Updates to Information Blocking Regulations," April 27, 2023.)

- OIG has authority to investigate healthcare provider violations, but ONC is tasked with establishing "appropriate disincentives" for healthcare provider violations.

- OIG will coordinate with other agencies (ONC, HHS' Office for Civil Rights (OCR), the Federal Trade Commission (FTC) and others) in its investigation.

- CMPs are based on a combination of violations arising out of a practice and implementation of that practice and can result in multiple violations with a maximum CMP of $1 million per violation.

OIG will provide for a self-disclosure protocol and process.

"In June of 2020, the 21st Century Cures Act (Cures Act) Final Rule became effective. One of the biggest changes, and challenges as a result of the Cures Act is that patients will be entitled to use patient-facing API enabled applications of their choice to download their health data into an application of their choice. An example of an API use is when patients utilize mobile personal health record apps with APIs to gather data from fitness trackers. Now that certified electronic health records (EHRs) are required to provide APIs, patients will be able to connect with these APIs to gather and share health information. For example, they may be able to use an API to electronically share diagnostic information – like blood pressure readings and blood sugar levels – with their doctor in real time." -

bottom of page