21st Century Cures Act FAQs
Answers to the most common 21st Century Cures Act questions.
| Question | Answer |
| What is the 21st Century Cures Act and what does it require? | The 21st Century Cures Act (Cures Act) was enacted for a variety of reasons across the care continuum. The Cures Act fosters innovation in health care technology to deliver better information while promoting visibility into the services, quality, and costs of health care. The two rules that are important to Tebra’s customers are (1) Implementing Interoperability and (2) Information Blocking. The specific provisions include:
|
| Where can I find more information about compliance with the Cures Act? | Many physician associations (e.g., AMA and MGMA) publicly provide additional information on compliance with the Cures Act. |
| What is information blocking? | Information blocking is defined as: A practice by a healthcare provider, health IT developer of certified health information technology, or health information network (HIN)/health information exchange (HIE) that is likely to interfere with access, exchange, or use of electronic health information (EHI), except as required by law or specified by the Secretary of Health and Human Services (HHA) as a reasonable and necessary activity. The rule should have been named “Information Sharing” because the goal is for patients to have access to their information. For exclusions to sharing, review the exception FAQ. |
| What information constitutes electronic health information (EHI)? | The Cures Act requires EHI to be shared electronically with patients. The definition of EHI comes from, but is slightly broader than, the HIPAA concept of a “designated record set,” which includes all medical and billing records about a patient. However, initially, the information blocking requirements of the Cures Act only related to EHI as defined by the United States Core Data for Interoperability (USCDI). Currently, the USCDI definition of EHI includes only specific medical information, not billing records. In addition to the elements in the current Common Clinical Data Set (CCDS) which serves as the foundation of the Summary of Care and Referrals used by physicians to transmit patient data, USCDI has recently announced that EHI also includes the following clinical note categories: (1) history and physicals, (2) progress notes, (3) procedure notes, (4) consult notes, (5) imaging reports, (6) laboratory reports, (7) pathology reports, and (8) discharge summaries (typically found in hospital settings).
Tebra has updated its application to capture all the data elements required by USCDI v1 and certified to the 2015 Cures Update in December 2022. USCDI v1 
USCDI v2 and USCDI v3 have been finalized and Tebra will be required to implement these updates, and certify, in 2025. USCDI v2 adds three data classes and 22 data elements in support of advancing health equity.  USCDI v3 adds two additional data classes and 20 data elements.
|
| As a provider, do I have to make all EHI available to my patients? | While there is no requirement for providers to make EHI available to patients who have not requested it, a delay in the release or availability of EHI in response to a request for legally permissible access to or exchange or use of EHI may be considered an interference. In addition, providers need to be aware of the HIPAA obligations to provide patients with access to their records. |
| Is Tebra software complaint with the requirements of the Cures Act? | As part of our 2015 ONC certification, Tebra allows the sharing of health information through our patient portal. If a patient has access to Tebra’s patient portal, he or she has access to the EHI defined by the USCDI, with the exception of the USCDI clinical note category. For other categories of EHI, Tebra can provide access through other means. Tebra utilizes other technologies to provide patient access to EHI, including a secure ShareFile service through which exports of EHI may be shared. As requirements under the Cures Act continue to evolve, Tebra will develop additional processes to facilitate EHI access, exchange, and use. |
| Where can I submit a request for EHI? | Please submit a request for EHI using the Cures Act Request Form. |
| Can third parties request access to patients’ EHI? | The Cures Act will allow third parties, such as technology vendors or payers seeking patient information, to request EHI on behalf of patients. Future access for such parties will likely occur through an electronic interface. However, providers must still meet the requirements of state laws regarding access to medical records and HIPAA’s patient right of access obligations. |
| Are there any exceptions to providing a patient or their representative access to EHI? | Yes, the Information Blocking Regulations provide for eight (8) exceptions when a physician would not have to provide access to EHI. Those exceptions are:
|
| How do I know if an exception applies? | Physicians may want to have written policies that help them know how to appropriately respond to requests for EHI. To the extent the physician is relying on the EHR to implement the access requests, the physician should work with Tebra to set up electronic rules that can be followed. For example, flagging/indicating which type of EHI should not be shared with patients (e.g., psychotherapy notes). |
| What happens if I don’t comply with the Information Blocking Regulations? | The Cures Act provides for significant penalties for healthcare providers, vendors and HIE/HIN parties that fail to comply with the prohibition on information blocking. The OIG has the authority to enforce these regulations, however, the OIG’s enforcement regulations are not yet final. |
| Do I have to verify my compliance with the Information Blocking Regulations? | Maybe. If you are participating in the Merit-based Incentive Payment System, you will be required to attest that you:
|
