New Fact Sheet on New Federal 21st Century Cures Act Final Rules

Comparing the New Federal 21st Century Cures Act Final Rules to the Proposal for a California Statewide HIE Network
Creating a statewide health information exchange (HIE) network offers direct benefit to
California providers, health plans and policymakers to respond to public health emergencies,
improve health equity, support care coordination and realize health quality improvements.

Recent federal policies will support these efforts and make them easier and more affordable,
but won’t be sufficient to meet California’s needs. Last year, the Centers for Medicare &
Medicaid Services (CMS) and the Office of the National Coordinator for Health Information
Technology (ONC) released Final Rules concerning interoperability under the 21st Century
Cures Act. The CMS Final Rule requires several changes to support information exchange,
including the Patient Access Application Programming Interface (API), Provider Directory API,
Payer-to-Payer Data Exchange, and Admission, Discharge and Transfer (ADT) Event Notification
policies.1 The ONC Final Rule makes important changes to support information exchange by
prohibiting Information Blocking and updating the Health IT Certification Program.

What are key pieces of the Final Rules?

● CMS Final Rule
○ Patient Access API
○ Provider Directory API
○ Payer-to-Payer Data Exchange
○ Admission, Discharge and Transfer Event (ADT) Notifications

● ONC Final Rule
○ Information Blocking rules
○ API Conditions of Certification

These federal rules will support patient access to their electronic health information using
standards-based APIs and help curb practices by health information technology (IT) developers,
providers, and health plans that interfere with the exchange or use of electronic health
information. They will also require hospitals to send notifications to primary care providers, and
health plans to share data among each other at the patient’s request. However, the federal rules
do not address the types of comprehensive information sharing needed of health care
stakeholders to ensure every Californian’s health information–regardless of where they receive
care or which insurer they have–is accessible and integrated into a comprehensive digital health

  1. 85 Fed. Reg. 25510 (May 1, 2020). You can find more information on the CMS website:

2. 85 Fed. Reg. 25642 (May 1, 2020). You can find more information on the ONC website:

Establishing statewide requirements and standards for information sharing by health plans and
providers would fill gaps in the federal rules and ensure stakeholders have the data and tools to
participate in state quality improvement and population health initiatives, to be successful in
value-based payment models, and – most important – to improve care quality and health
outcomes for patients.

Here are some ways the Final Rules di er from the e ort to establish a statewide HIE
network in California:

CMS API requirements are focused on patient access

● Under new CMS interoperability regulations all Medicare and Medicaid health plans arerequired

 to share claims data with patients through application programming interfaces
(APIs). Patients will have the ability to select and designate third-party applications to
access claims, encounter, and clinical information maintained by health plans(3) starting July 1, 2021.
This will allow patients to access their claims and a limited subset of clinical
information at their convenience through mobile applications on their smart phone or
other devices.
● Empowering patients to access their health information is imperative, but this approach does not ensure
information is shared with providers in a manner that supports care
coordination, quality reporting, and participation in value-based payment models. Nor
does it ensure that providers have at their disposal—at the point of care—all relevant
patient history and treatment information from members of the patient’s care team.
● State policy requirements would ensure that all members of the care team—whether aprimary
care provider or a health plan care coordinator—have access to patients’ unified
health records so they can coordinate care, address care gaps and improve equity.

The CMS ADT Rule Would Not Achieve Broad Participation in
Information Sharing

The CMS Final Rule includes a new requirement for hospitals to generate and send Admission,
Discharge, and Transfer (ADT) event notifications to members of a patient’s care team, to alert
their care team when they are admitted to, discharged from, or transferred to another hospital.
While sending ADT event notifications is a valuable use case and supports care coordination, this
requirement does not compel hospitals to share the rich clinical information in their electronic
health record (EHR) systems. Moreover, it leaves out other key stakeholders from receiving those
event notifications, including health plans and behavioral health providers. The ADT
requirements will not drive broad participation in data exchange needed to improve public health,
address equity concerns and enhance care.

In contrast, statewide data sharing requirements would create a level playing field for open and
inclusive electronic exchange of health information by key stakeholders, including health plans,
large clinician practices, and health systems. This approach would ensure that patients’ clinical

(3)Health plans subject to CMS’ Patient Access Application Programming Interface requirement include
MedicareAdvantage, Medicaid FFS and managed care organizations, CHIP FFS and managed care organizations,
and Qualified Health Plans on Federally Facilitated Exchanges and claims information is accessible across provider 
networks, EHR installations, and geographies in a manner that CMS’s piecemeal approach will not.

The ONC Information Blocking Rule does not ensure
meaningful, proactive data sharing

The ONC Final Rule requires health care providers to provide patients and patient-designated
third-party app developers with easier electronic access to a defined set of clinical data, at no
cost to the patient. Providers can no longer “block” patient access to these types of electronic
health information, with some exceptions.

While the ONC Final Rule sets the expectation that stakeholders cannot interfere, prevent, or
discourage the exchange of electronic health information, it does not create proactive
requirements for stakeholders to share health information electronically.

A requirement to participate in a statewide HIE network would create clear rules of the road for
California stakeholders on sharing and using health information. These requirements would
create proactive requirements to share data, complementing federal penalties.


Sign Up for the C4BH Newsletter.

Yes! I want to receive the Weekly Round-Up newsletter, which curates news and events relevant to health data exchange in California and beyond.