Skip to main content

Six Years Into the 21st Century Cures Act: What You Need to Know

Valerie Puck, Chief Compliance Officer 21st Century Cures Act Gets More Real in 2023

Published March 6, 2023.

Sometimes, there is data that shows something works on paper, and then there is real-life experience. Here’s where we are six years into the 21st Century Cures Act.

Signed into law in December 2016, the act is designed to standardize and improve healthcare IT. Boosting interoperability and minimizing information blocking are the biggest provisions, but there is more to the act. The overarching goal is to give patients greater access to their health and medical information and to allow approved parties to share the data more seamlessly.

Fast forward to the end of 2022. The latest 21st Century Cures Act requirement states that electronic health record companies need to provide the certified Fast Healthcare Information Resources (FHIR®) application programming interface (API) to customers, including physician offices, hospitals and health system settings, by December 31.

So, gone are the days of just proving theoretical compliance with FHIR.

The latest standards might also help bring the United States into line with firms in the European Union, which were ahead in terms of data sharing access and compliance regulations.

Some of the certification requirements in the act have to do with functionality, making sure that healthcare providers are able to use the systems in the ways in which the government intended in its certification requirements. In the past, we worked with our certifying body to show it the software capabilities. The goal was to get it to say, “Yes, that is what the government expects.” Then we would release the software upgrade to our customers.

The act changes things a bit. Now we’re doing real-world testing. We not only have to show the certifying organization what we’re doing but also have to come back months later and show that people are actually using the certified software in the manner in which the government expected them.

The real-world testing and other provisions of the act are not written in layman’s terms. Understanding the requirements can be complicated, so I suggest IT professionals, physicians and others reach out to their local medical societies for guidance. In some cases, an EHR company you work with may be able to offer guidance on ways the software can help to facilitate compliance. For example, ModMed® has a dedicated group of employees to evaluate these regulations and determine how to ensure our software helps our customers comply with the ongoing requirements of the act.

Another tip is to ensure your EHR system is certified and up to date on all the act’s requirements. You can check the status of individual systems at the Certified Health IT Products List (CHPL).

What’s the risk if you don’t comply on time? Most likely the company will hear from clients who are no longer able to get paid for Medicare submissions under the Merit-Based Incentive Payment System (MIPS). Not getting paid is generally a quick form of feedback.

Discover our specialty-specific EHR systems and MIPS solutions. 

About the Author

Valerie Puckett is Chief Compliance Officer for ModMed. She has over 20 years of compliance experience, including building and maturing ethics and compliance programs. Her primary areas of expertise also include privacy, regulatory affairs, government and other contracting risk, global anticorruption, antikickback statute, Stark Law, false claims, IT security, healthcare revenue cycle, auditing and monitoring, process improvement, quality (MIPS), EDI, and leading others.

This blog is intended for informational purposes only and does not constitute legal or medical advice. Please consult with your legal counsel and other qualified advisors to ensure compliance with applicable laws, regulations, and standards.