By Linda Kloss

The 21st Century Cures Act was passed by Congress in December 2016 and long awaited final regulations were released earlier this summer.  The Cures Act is a complex multi-part law that will be administered through a number of Federal agencies.  The Verisma sponsored webinar on August 26 focused on the Interoperability, Information Blocking, and the ONC Health IT Certification Program Final Rule that was developed and will be administered by the Office of the National Coordinator for Health IT(ONC).   A special thanks to the ONC team of Elisabeth Myers, Deputy Director, Office of Policy and Michael Lipinski, Division Director, Regulatory & Policy Affairs, Office of Policy for providing a great overview of the Rule and taking audience questions. 

The Rules

We learned that the ONC Rule is really two Rules in one:  regulations designed to advance interoperability and prevent information blocking, key goals of the Cures Act that apply to providers, developers of certified health IT and health information networks and exchanges, and; regulations regarding revised and new criteria for health IT certification.  While our webinar audience primarily represents the provider community, we understand that it is helpful to understand the scope because health systems do operate information networks and exchanges and provider organizations, of course, set specifications for vendors such as their certified EHR vendors. 

From the 30,000 foot perspective, Cures Act represents a third important milestone in advancing a digital health ecosystem with its enormous potential to improve health and health care. The 1996 HIPAA law and associated regulations put in place essential preconditions for digital health – privacy, security, and standards for administrative simplification.  The 2009 HITECH Act accelerated health IT adoption through EHR incentives, certification of health IT, and the development of approaches for health information exchange.  The 2016 Cures is intended to unlock the fullest potential of digital health data to accelerate research into preventing and curing serious illnesses. 

The ONC Final Rule advances interoperability using levers of government, such as its standards setting and enforcement roles, to remove barriers. It underscores the importance of patient access to information, a principle that is foundational to all three of the health information laws.  We also learned that ONC worked closely to align with the Centers for Medicare and Medicaid Services (CMS) Cures Act Rule, the Interoperability and Patient Access final rule.  This is important because aligned concepts, definitions, and standards will bridge clinical and administrative data interoperability, too long siloed. 

The Implications for Disclosure Management

For Release of Information (ROI) professionals and service providers, the Cures Act has four clear implications:

  • We are already seeing an increase in requests from patients for access to their health information.  These Rules will drive further interest by patients and continue this trend.  It is important that ROI modernize patient access through the use of request apps to both support requests and releases.
  • While not directly addressed by the Cures Rules, ROI is today the prominent mechanism for disclosure of a single patient’s data.  The Rules accelerate the urgency of adopting contemporary practices such as standardizing ROI across the enterprise and using smart end-to-end workflow technology that improves turn around and accuracy, while ensuring compliance and accountability.
  • Move away from paper, fax and other outdated ways of handling requests and releases.  If walk up windows and mail in request have slowed due to COVID-19 responses, redesign processes to use technology to improve the efficiency of request and release processes.   
  • Make efficient and accurate patient access a central goal for the ROI team.  Shift from processing paper to helping people get access to their information.  Then, help educate patients about how they can take steps to keep the health records in their possession safe and secure.  

For HIM work generally, the interoperability-focused Final Rules from ONC and CMS include important concepts that will be part of our work in the years ahead. 

  • First, aligning administrative and clinical data standards begins to overcome the artificial separation of patient data for insurance and finance from that used in clinical care.  HIM bridges these worlds and can play an important role in helping to unify them. 
  • As custodians of the health record, HIM maintains EHI and ePHI definitions for designated record sets.  HIM should engage stakeholders in data governance for interoperability including USCDI and defining admission, discharge or transfer (ADT) and other patient event notifications addressed in the CMS Final Rule. Where needed, data capabilities, such as provenance, should be expanded.
  • Working with stakeholders, HIM should step up data quality control for interoperability.
  • The Rules do not change HIPAA privacy and security foundations, but they include a big step forward requiring privacy and security attestation for certified health IT.  Join us for a discussion of the importance of ‘designing in’ privacy and security in a September 23 Webinar.   

The Resources

Elisabeth and Michael described ONC’s commitment to providing education resources for stakeholders.  The ONC Final Rule can be found at along with fact sheets and previously recorded webinars. 

The CMS Rule and resources can be found at  Information on the CMS ADT Notice Provisions can be found at

Verisma’s webinar slides and recording are available upon request from