Are you up to date on compliance with The Cures Act?
At a Glance
- Understanding the Cures Act: The Cures Act Final Rule aims to improve healthcare interoperability and patient access to health information by defining information blocking and updating Health IT certification criteria.
- Key Compliance Challenges: Healthcare administrators must address stricter definitions of information blocking, adopt standardized APIs, and ensure secure data-sharing practices without violating HIPAA or other regulations.
- Effective Strategies for Compliance: Designating roles like an Information Blocking Officer, conducting regular staff training, partnering with certified health IT vendors, and implementing best practices from industry leaders like Cleveland Clinic and Mayo Clinic can help organizations navigate compliance while improving patient care.
- Future Implications: The Cures Act Final Rule is not just about compliance but also about fostering innovation, improving patient trust, and enabling seamless health information access through technology.
Here at BHS Connect, we understand that the healthcare compliance landscape is constantly evolving, and the Cures Act Final Rule plays a critical role in driving this evolution. Initially enacted in 2020, this rule aims to enhance interoperability and patient access to health information. By now, the rule’s implementation has matured, reflecting the dynamic needs of the healthcare sector. For healthcare administrators, understanding the implications of the Final Rule and developing effective compliance strategies is essential for managing its complexities.
Key Updates
Enhanced information blocking policies now include stricter definitions and monitoring mechanisms, requiring healthcare entities to align their practices to avoid inadvertent violations. There are several actions leaders can implement to ensure compliance; for example, Cleveland Clinic has launched a comprehensive three-year cybersecurity strategy aimed at reducing cyber risks, enabling seamless experiences, demonstrating operational excellence, and advancing cyber health. This initiative underscores their commitment to protecting patient information and ensuring compliance with evolving regulations.
Advanced API standards based on FHIR and USCDI are mandatory, emphasizing seamless and secure integration between health IT systems and patient-facing applications. While some compliance deadlines have been extended, penalties for non-compliance have become more severe, reinforcing the importance of timely adherence.
Challenges in Compliance
The Cures Act Final Rule, while aiming to enable better patient outcomes and data sharing, also presents compliance challenges. Navigating these requirements is much like walking a tightrope—each step must be carefully calculated to avoid missteps that could lead to legal or operational consequences. Healthcare administrators need to be vigilant about the following areas:
- Information Blocking: This term refers to practices likely to impede access, use, or exchange of electronic health information (EHI), unless legally required or fitting within established exceptions. Administrators must ensure that their practices do not inadvertently engage in information blocking, understanding that this does not supersede HIPAA or other regional regulations.
- Certification Criteria: The Rule mandates the adoption of standardized APIs to facilitate patient access to their EHI through mobile applications. Healthcare entities should ensure that their systems are equipped with robust authentication processes, patient authorization measures, and an API gateway compatible with FHIR (Fast Healthcare Interoperability Resources) and USCDI (United States Core Data for Interoperability). A few APIs to consider (ranked by best reviews/most useful) are: Oracle Health Millennium Platform, Google Cloud Healthcare API, and SMART on FHIR API.
Practical Compliance Strategies
Establishing a dedicated compliance team with roles such as an Information Blocking Officer can provide oversight for adherence to the Final Rule. Providing training programs to educate staff on regulatory updates, compliance requirements, and patient-centered practices is critical. Here are a couple that the BHS Connect team recommends:
- HIPAA Training and Resources offered by the U.S. Department of Health and Human Services
- HIPAA Compliance: A Complete Guide by Allison
Adopting robust IT solutions by partnering with certified health IT vendors ensures secure and compliant systems that support FHIR and USCDI standards. Regular policy reviews and routine assessments of data-sharing practices help organizations stay aligned with evolving regulations.
Looking Ahead
The Cures Act Final Rule is more than a set of regulations—it’s a catalyst for innovation and better patient care. By embracing compliance and harnessing the power of technology, healthcare organizations can turn challenges into opportunities, setting themselves apart in a competitive market. Consider this: The Mayo Clinic adopted FHIR-based APIs and patient-focused technologies to streamline data sharing. Patients can now access their health information effortlessly through apps. This move didn’t just check a compliance box; it elevated the patient experience, fostering trust and loyalty while meeting regulatory goals.
Final Thoughts
Compliance with the Cures Act Final Rule calls for a thoughtful strategy and a deep commitment to patient-centered care. As healthcare regulations evolve in 2025, administrators stand at the forefront, shaping both compliance efforts and the pursuit of exceptional care delivery. Their leadership ensures not only adherence to the law but also meaningful improvements in patient outcomes.
