Are you up to date on compliance with The Cures Act?

At a Glance

  • Understanding the Cures Act: The Cures Act Final Rule aims to improve healthcare interoperability and patient access to health information by defining information blocking and updating Health IT certification criteria.
  • Compliance Challenges and Strategies: Healthcare administrators face challenges in maintaining compliance with the rule, particularly in preventing information blocking and ensuring their systems support standardized APIs for patient access to electronic health information (EHI).
  • Navigating Penalties and Ensuring Compliance: To ensure compliance and avoid significant penalties, healthcare organizations should designate an Information Blocking Officer, frequently review and update their data access and exchange policies, and apply the rule’s exceptions appropriately.


The landscape of healthcare compliance is continuously evolving, and with the advancements up to 2024, the Cures Act Final Rule remains a critical aspect for healthcare administrators to navigate. Originally introduced in 2016 and enacted in 2020, The Cures Act Final Rule, governed by the Office of the National Coordinator for Health Information Technology (ONC), has had significant impacts on healthcare practices. The primary focus of this rule is on two core areas: defining information blocking and updating Health IT certification criteria, primarily aiming at enhancing interoperability and patient access to health information.

As of 2024, the Final Rule has evolved to address the dynamic needs of healthcare data exchange, ensuring a more streamlined and secure access to Personal Health Information (PHI). The rule encompasses health care providers, certified IT vendors, and health information networks and exchanges.

The Cures act final rule in 2024.2

Compliance Challenges and Strategies

The Cures Act Final Rule, while aiming to facilitate better patient outcomes and data sharing, also presents compliance challenges. Healthcare administrators need to be vigilant about the following areas:

  • Information Blocking: This term refers to practices likely to impede access, use, or exchange of electronic health information (EHI), unless legally required or fitting within established exceptions. Administrators must ensure that their practices do not inadvertently engage in information blocking, understanding that this does not supersede HIPAA or other regional regulations.
  • Certification Criteria: The Rule mandates the adoption of standardized APIs to facilitate patient access to their EHI through mobile applications. Healthcare entities should ensure that their systems are equipped with robust authentication processes, patient authorization measures, and an API gateway compatible with FHIR (Fast Healthcare Interoperability Resources) and USCDI (United States Core Data for Interoperability).

Navigating Penalties and Ensuring Compliance

With the ongoing development of compliance deadlines and penalties, healthcare administrators must actively review and adapt to these changes. As of 2024, non-compliance can result in significant penalties, including fines up to $1 million per violation. To effectively navigate these regulations, administrators should:

  • Appoint an Information Blocking Officer for internal governance.
  • Regularly review and update organizational policies related to data access and exchange.
  • Understand and appropriately apply information blocking exceptions.
  • Ensure transparent and compliant practices for personal health record access.

The Cures Act Final Rule continues to shape the landscape of health information management in 2024. Healthcare administrators play a crucial role in adapting to these changes, ensuring compliance, and ultimately contributing to the delivery of improved patient care. By understanding and effectively implementing the provisions of The Cures Act Final Rule, medical practices can not only avoid legal repercussions but also enhance their service quality, fostering innovation and competition in the healthcare sector.