New Fact Sheet on New Federal 21st Century Cures Act Final Rules

Comparing the New Federal 21st Century Cures Act Final Rules to the Proposal for a California Statewide HIE Network

Creating a statewide health information exchange (HIE) network offers direct benefit to California providers, health plans and policymakers to respond to public health emergencies, improve health equity, support care coordination, and realize health quality improvements.

Recent federal policies will support these efforts and make them easier and more affordable, but won’t be sufficient to meet California’s needs. Last year, the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC) released Final Rules concerning interoperability under the 21st Century Cures Act. The CMS Final Rule requires several changes to support information exchange, including the Patient Access Application Programming Interface (API), Provider Directory API, Payer-to-Payer Data Exchange, and Admission, Discharge and Transfer (ADT) Event Notification policies.1 The ONC Final Rule makes important changes to support information exchange by prohibiting Information Blocking and updating the Health IT Certification Program.2

What are key pieces of the Final Rules?

  • CMS Final Rule
    • Patient Access API
    • Provider Directory API
    • Payer-to-Payer Data Exchange
    • Admission, Discharge and Transfer Event (ADT) Notifications
  • ONC Final Rule
    • Information Blocking rules
    • API Conditions of Certification

These federal rules will support patient access to their electronic health information using standards-based APIs and help curb practices by health information technology (IT) developers, providers, and health plans that interfere with the exchange or use of electronic health information. They will also require hospitals to send notifications to primary care providers, and health plans to share data among each other at the patient’s request. However, the federal rules do not address the types of comprehensive information sharing needed by health care stakeholders to ensure every Californian’s health information – regardless of where they receive care or which insurer they have – is accessible and integrated into a comprehensive digital health record.

Establishing statewide requirements and standards for information sharing by health plans and providers would fill gaps in the federal rules and ensure stakeholders have the data and tools to participate in state quality improvement and population health initiatives, to be successful in value-based payment models, and – most important – to improve care quality and health outcomes for patients.

Here are some ways the Final Rules differ from the effort to establish a statewide HIE network in California:

  1. CMS API requirements are focused on patient access

Under new CMS interoperability regulations all Medicare and Medicaid health plans are required to share claims data with patients through application programming interfaces (APIs). Patients will have the ability to select and designate third-party applications to access claims, encounter, and clinical information maintained by health plans3 starting July 1, 2021. This will allow patients to access their claims and a limited subset of clinical information at their convenience through mobile applications on their smart phones or other devices.

Empowering patients to access their health information is imperative, but this approach does not ensure information is shared with providers in a manner that supports care coordination, quality reporting, and participation in value-based payment models. Nor does it ensure that providers have at their disposal – at the point of care – all relevant patient history and treatment information for members of the patient’s care team.

State policy requirements would ensure that all members of the care team – whether a primary care provider or a health plan care coordinator – have access to patients’ unified health records so they can coordinate care, address care gaps, and improve equity.

  1. The CMS ADT Rule Would Not Achieve Broad Participation in Information Sharing

The CMS Final Rule includes a new requirement for hospitals to generate and send Admission, Discharge, and Transfer (ADT) event notifications to members of a patient’s care team, to alert their care team when they are admitted to, discharged from, or transferred to another hospital. While sending ADT event notifications is a valuable use case and supports care coordination, this requirement does not compel hospitals to share the rich clinical information in their electronic health record (EHR) systems. Moreover, it leaves out other key stakeholders from receiving those event notifications, including health plans and behavioral health providers. The ADT requirements will not drive broad participation in data exchange needed to improve public health, address equity concerns and enhance care.

In contrast, statewide data sharing requirements would create a level playing field for open and inclusive electronic exchange of health information by key stakeholders, including health plans, large clinician practices, and health systems. This approach would ensure that patients’ clinical claims information is accessible across provider networks, EHR installations, and geographies in a manner that CMS’s piecemeal approach will not.

  1. The ONC Information Blocking Rule does not ensure meaningful, proactive data sharing

The ONC Final Rule requires health care providers to provide patients and patient-designated third-party app developers with easier electronic access to a defined set of clinical data, at no cost to the patient. Providers can no longer “block” patient access to these types of electronic health information, with some exceptions.

While the ONC Final Rule sets the expectation that stakeholders cannot interfere, prevent, or discourage the exchange of electronic health information, it does not create proactive requirements for stakeholders to share health information electronically.

A requirement to participate in a statewide HIE network would create clear rules of the road for California stakeholders on sharing and using health information. These requirements would create proactive requirements to share data, complementing federal penalties.


  1. 85 Fed. Reg. 25510 (May 1, 2020). You can find more information on the CMS website:
  2. 85 Fed. Reg. 25642 (May 1, 2020). You can find more information on the ONC website:
  3. Health plans subject to CMS’ Patient Access Application Programming Interface requirement include Medicare Advantage, Medicare FFS and managed care organizations, CHIP FFS and managed care organizations, and Qualified Health Plans on Federally Facilitated Exchanges.

Sign Up for the C4BH Newsletter.

Yes! I want to receive the Weekly Round-Up newsletter, which curates news and events relevant to health data exchange in California and beyond.