Comparing the New Federal 21st Century Cures Act Final Rules to the Proposal for a California Statewide HIE Network

California has a unique opportunity to develop a statewide health information exchange (HIE) network that can support our state’s health care reform priorities. As stakeholders looks to develop statewide HIE, it’s important to distinguish this effort from federal interoperability efforts.

Last year, the Centers for Medicare & Medicaid Services (CMS) and the Oice of the National Coordinator for Health Information Technology (ONC) released Final Rules concerning interoperability under the 21st Century Cures Act. The CMS Final Rule requires several changes to support information exchange, including the Patient Access Application Programming Interface (API), Provider Directory API, Payer-to-Payer Data Exchange, and Admission, Discharge and Transfer (ADT) Event Notification policies.1 The ONC Final Rule makes important changes to support information exchange by prohibiting Information Blocking and updating the Health IT Certification Program.2

What are key pieces of the Final Rules?

  • CMS Final Rule
    • Patient Access API
    • Provider Directory API
    • Payer-to-Payer Data Exchange
    • Admission, Discharge and Transfer Event (ADT) Notifications
  • ONC Final Rule
    • Information Blocking rules
    • API Conditions of Certification

These federal rules will support patient access to their electronic health information using standards-based APIs and help curb practices by health information technology (IT) developers, providers, and health plans that interfere with the exchange or use of electronic health information. They will also require hospitals to send notifications to primary care providers, and health plans to share data among each other at the patient’s request. However, the federal rules do not address the types of comprehensive information sharing needed of health care stakeholders to ensure every Californian’s health information–regardless of where they receive care or which insurer they have–is accessible and integrated into a comprehensive digital health record.

Establishing statewide requirements and standards for information sharing by health plans and providers would fill gaps in the federal rules and ensure stakeholders have the data and tools to participate in state quality improvement and population health initiatives, to be successful in value-based payment models, and – most important – to improve care quality and health outcomes for patients.

Here are some ways the Final Rules differ from the effort to establish a statewide HIE network in California:

CMS API requirements are focused on patient access to data, not on enabling access for treatment, payment or operations

Under the CMS Final Rule, patients will have the ability to select and designate third-party applications to access claims, encounter, and clinical information maintained by health plans3 starting July 1, 2021. This will allow patients to access their claims and a limited subset of clinical information at their convenience through mobile applications on their smart phone or other devices.

Empowering patients to access their health information is imperative, but this approach does not ensure information is accessible to providers in a manner that supports care coordination, quality reporting, and participation in value-based payment models. Nor does it ensure that providers have at their disposal—at the point of care—all relevant patient history and treatment information from members of the patient’s care team.

A statewide health information exchange network would break down data silos by advancing real-time electronic information sharing between health care stakeholders. Establishing expectations for private and public payers and purchasers, larger clinician groups, and hospital systems to proactively share patients’ health information would address an important gap in the federal rules: ensuring comprehensive patient records are available at the point of care.

CMS ADT Notification Requirement is limited in the amount of clinical data hospitals must share

The CMS Final Rule includes a new requirement for hospitals to generate and send Admission, Discharge, and Transfer (ADT) event notifications to members of a patient’s care team, to alert their care team when they are admitted to, discharged from, or transferred to another hospital. While sending ADT event notifications supports care coordination, this requirement does not compel hospitals to share other types of event notifications or other the rich clinical information they have on patients in their electronic health record (EHR) systems. Moreover, it leaves out other key stakeholders from receiving those event notifications, including health plans and behavioral health providers.

Given these limitations, the CMS rule will not drive the broad participation in data exchange needed to achieve a robust health information network. In contrast, statewide requirements for meaningful information sharing would create a level playing field for open and inclusive electronic exchange of health information by key stakeholders, including health plans, large clinician practices, and health systems. This approach would ensure that patients’ clinical and claims information is accessible across provider networks, EHR installations, and geographies in a manner than CMS’s piecemeal approach will not.

The ONC Information Blocking rule does not ensure meaningful, proactive data sharing

The ONC Final Rule requires health care providers to provide patients and patient-designated third-party app developers with easier electronic access to a defined set of clinical data, at no cost to the patient. Providers can no longer “block” patient access to these types of electronic health information, with some exceptions. The prohibition on information blocking will provide helpful but limited leverage over health care stakeholders that may not have been willing to respond to requests to share information.

While the ONC Final Rule sets the expectation that stakeholders cannot interfere, prevent, or discourage the exchange of electronic health information, it does not include proactive requirements for stakeholders to share health information electronically with other organizations or state agencies. Proactive data sharing through a statewide HIE network would enable the state and stakeholders to meet data needs at the point of care and at the aggregate level to perform population-level analyses.

A requirement to participate in a statewide HIE network would create clear rules of the road for California stakeholders on sharing and using health information. In addition, state requirements would complement ONC’s proposed information-blocking framework by explicitly specifying priorities and requirements for the electronic exchange of health information with other organizations.

1 85 Fed. Reg. 25510 (May 1, 2020). You can find more information on the CMS website: ent-Access-Final-Rule.

2 85 Fed. Reg. 25642 (May 1, 2020). You can find more information on the ONC website:

3 Health plans subject to CMS’ Patient Access Application Programming Interface requirement include Medicare Advantage, Medicaid FFS and managed care organizations, CHIP FFS and managed care organizations, and Qualified Health Plans on Federally Facilitated Exchanges.


Sign Up for the C4BH Newsletter.

Yes! I want to receive the Weekly Round-Up newsletter, which curates news and events relevant to health data exchange in California and beyond.