What is the 21st Century Cures Act?
In 2016, Congress passed the 21st Century Cures Act[¹] to drive the electronic access, exchange, and use of health information. The Office of the National Coordinator for Health Information Technology (ONC) Cures Act Final Rule[²] implements the interoperability provisions of the Cures Act to promote patient control over patients’ health information. The 21st Century Cures Act aims to ensure that all parties (patients, caregivers, and healthcare providers) have appropriate access to electronic health information. The Act also promotes access to electronic health information in a simple and secure manner. Patients should be able to access their electronic medical records free of charge, while providers should have the freedom to choose easy-to-use, reasonably priced health IT tools to facilitate the best care for their patients.
What does the 21st Century Cures Act Require?
The 21st Century Cures Act mandates that medical providers, healthcare organizations, and health IT developers meet certain requirements in order to be compliant.
Protect patients’ privacy and security
The Cures Act supports secure access to the patient’s health data. Patients should be able to use applications they authorize to access their medical records. Healthcare organizations should ensure that patients’ data is safely secured within applications that encrypt authentication credentials and implement multi-factor authentication.
The ONC’s Cures Act Final Rule aims to increase patient and payer choice in healthcare by increasing the availability of data that can support greater knowledge about care quality and costs.
Healthcare organizations should provide patients with a means of accessing information regarding care costs and outcomes. This cost transparency facilitates competitive options for patients seeking medical care. Failure to implement adequate transparency may constitute information blocking on the part of the provider.
Give patients access to their health data
Patients must be able to access the information within their medical records, including clinical notes, test results, and medications. This access will be facilitated by smartphone applications chosen by the patient, where they have the ability to share those records as they choose.
In order to facilitate the lawful access and sharing of medical data, healthcare organizations and health IT developers must implement:
- The United States Core Data for Interoperability (USCDI) standard
- Electronic Health Information (EHI) Export
- Standardized application programming interfaces (APIs) for Patient and Population Services
  - Requires the use of the HL7® Fast Healthcare Interoperability Resources (FHIR®)
- Encrypt Authentication Credentials
- Multi-factor Authentication
How a Digital Front Door App aids compliance
A Digital Front Door app can ensure HIPAA compliance by leveraging what’s known as a session lock. In other words, an electronic session containing Electronic Protected Health Information (ePHI) automatically terminates after a predetermined time of inactivity. The user is then forced to re-enter their password to resume their session.
A Digital Front Door app consolidates multiple types of software for patient engagement. Combining piecemeal solutions can mitigate security and compliance risks in multiple ways, including respecting patients’ communication preferences, facilitating HIPAA compliance, and preventing security breaches.
Patient data is encrypted at rest and in transit on secure servers within a Digital Front Door app. The patient’s credentials are safely stored with an encryption[³] mechanism and protected with multi-factor authentication. Multi-factor authentication[⁴] or two-factor authentication is a security enhancement that obliges users to present two pieces of evidence of their identity when logging in to an account.
A Digital Front Door provides patients with a means to assess the amount they owe through features such as an online patient payment solution. Such a feature allows patients to view their outstanding balance as an itemized list, so they can see a full and transparent breakdown of their costs.
Within the Digital Front Door, the patient intake solution can verify the patient’s insurance coverage without staff assistance, furthering cost transparency. Estimates of ongoing costs for extended treatment courses are also included. The patient bill pay software included within a Digital Front Door app integrates bi-directionally into Revenue Cycle Management (RCM) and Practice Management (PM) systems, providing patients and providers with up-to-date and accurate financial accounts.
Online Medical Records
With a Digital Front Door app, patients are able to view their encounter notes and health records from their providers and consolidate health information from multiple sources, including user-entered data, into a single patient record.
A Digital Front Door app is either a client-branded app or web solution that includes a multitude of patient engagement features, including access to medical records online and other self-service patient tools. Providing patients access to their medical records via a smartphone app helps the healthcare organization control the conversation on which apps patients should use, reducing the chance that patients request access to their records through other unknown third-party apps.
Healthcare organizations can both meet the Cures Act requirement for preparing API access for patients and offer a digital front door, which is considered foundational for improving the patient experience. A Digital Front Door app includes an API. Smartphone applications consume data via APIs.
All data within a Digital Front Door is formatted to the HL7®, FHIR®, and USCDI standards to facilitate interoperable electronic health records (EHR) exchange.
Healthcare organizations seeking 21st Century Cures Act compliance should consider implementing a Digital Front Door app. A third-party solution such as a Digital Front Door can optimize existing source systems and provide the patient with important data all in one place. Bridge offers a patient engagement platform in the form of a client-branded mobile app (available for web, iOS, and Android) and web solution that serves as the foundation for a Digital Front Door.
DISCLAIMER: All product and company names are trademarks™ or registered® trademarks of their respective holders. Bridge is not affiliated with, endorsed by, or sponsored by the service providers mentioned in this article.
- Bonamici, S. (2016). H.R.34 – 114th Congress (2015-2016): 21st Century Cures Act. [online] www.congress.gov. Available at: https://www.congress.gov/bill/114th-congress/house-bill/34
- Federal Register. (2020). 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program. [online] Available at: https://www.federalregister.gov/documents/2020/05/01/2020-07419/21st-century-cures-act-interoperability-information-blocking-and-the-onc-health-it-certification
- May, W. (2019). Annex A: Approved Security Functions for FIPS PUB 140-2, Security Requirements for Cryptographic Modules. [online] Available at: https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402annexa.pdf
- NIST (2016). Back to basics: Multi-factor authentication (MFA). [online] NIST. Available at: https://www.nist.gov/