Abett Logo
Interoperability in the 21st Century Cures Act

Interoperability in the 21st Century Cures Act

By: Bridget Keaton
September 29 2021

Access to health data in the United States is known to be chaotic, cumbersome and infamously difficult for patients to obtain.  Citizens lack the critical, easy access to their records that could empower them to make seamless and stronger healthcare decisions.  With the understanding that patient data access promotes informed decision making and creates peace of mind, the need for interoperability is a pressing matter.  In 2016, when the 21st Century Cures Act was signed into law, many individual components focused on patients and their ability to access critical data (“21st Century Cures Act”).  This article is part of an ongoing series unpacking various aspects of the 21st Century Cures Act and will focus on what interoperability means in terms of healthcare, implementation challenges and concerns, and how these advances can empower the individual and elevate the healthcare system.   

Interoperability is the ability of computer systems to exchange and make use of information.  With current technology, data is exchanged effortlessly for immediate access to global news, social happenings, and everything in between; everything, except personal health data. The ability of a patient to access their data with ease and efficiency has the power to transform how people receive and consume healthcare.  With a main focus of the Cures Acts on interoperability, the U.S. aims to improve patient outcomes, increase efficiency, and drive competition.  

Within the Cures Act, the Interoperability Rule focuses on an exchange of data between patients, providers and the payers all in a mobile device application for quick and easy access by the consumer. Application Programming Interfaces (APIs) are to be created for patient use across platforms for the seamless transfer and utilization of health data.  The final rule states that patients should be able to access their data no more than “one business day after a claim is adjudicated or a patient encounters a provider" (Landi).  Data should then be transferred to a third-party app “that provides an information infrastructure which uses technical standards, policies, and protocols to enable seamless and secure capture, discovery, exchange and utilization of health information" (“Interoperability in Healthcare”). At this time, the Interoperability Rule is only required for patients on Medicare, Medicaid, TriCare, CHIP, and the Federal Insurance Exchange; the Centers for Medicare and Medicaid Services (CMS) have created regulations for the implementation of APIs to carry out this ruling. With an easily accessible system, patients will be able to view their data efficiently and “provide patients with more choices in healthcare" (ONC’s Cures Act Final Rule). 

Access to personal healthcare information has the potential to empower strategic decision making and boost one’s sense of control.  Not only does efficient data access have the ability to provide critical information at a moment's notice, but it also brings about a level of organization that leads to health benefits.  Reduced stress levels, an increase in self-confidence and elevated peace of mind are all potential benefits to accurate and accessible data. When people know where their data is, and can access it quickly, the stress of the unknown is removed.  Currently in the U.S., obtaining health records from a provider can be difficult.  This puts stress on patients as they seek to understand their health needs.  In having immediate access to health records, the stress may be alleviated and peace of mind achieved.  So, as the United States moves towards a position of interoperability, citizens will feel good about the control they inherit and the informed choices they make.   

Due to its sensitive nature, implementing healthcare interoperability has met challenges regarding security risks for the patient that require transparency.   The CMS recognizes and promotes these new healthcare laws as having the ability to bring about innovative technological change along with providing enhanced autonomy. However, there is risk for the consumer as the law clearly states: “Once health information has been transmitted to a third-party app, it is no longer protected by the Health Insurance Portability and Accountability Act (HIPAA)" ("Best Practices for Payers").  As the data is transferred from the health provider to an app, the provider has an obligation to notify patients to review the security policies.  But it is the consumers responsibility to understand how their data may be used.  In 2019, the American Medical Association and American Hospital Association pushed for federal laws that would protect against data abuse via a 131-page letter to the National Coordinator for Health Information Technology (ONC).  Without federal protections, they, amongst others, worried that patients could be subject to unknown selling of their data which could lead to increased insurance rates, job discrimination, higher prescription costs and more (Singer).  However, the government holds that a patient's ability to access their data will empower greater decision making.   

Another aspect that may present a challenge to interoperability is the management of data flow.  In the U.S., it is the state's responsibility to develop their own consumer protection laws, leaving a wide array of policies.  As a result, California has the strictest consumer protection laws and is the closest to general data protection regulations (GDPR) within the United States.  With this in mind, the flow of data from providers to third party apps will need to meet the highest standards of protection to be in compliance and still enable the exchange of data.  Data security and flow coordination present some challenges to the implementation of interoperability but the goal is that they will promote enhanced decision making and elevate healthcare.  

Today, data has been made accessible at the touch of a button.  As technological advancements continue and provide opportunities for people to have their information rapidly, healthcare data would naturally follow suit.  While there are challenges present on how to prevent security breaches and data misuse, the benefits of a successful interoperability plan are immense. With greater access to medical data, consumers are enabled to use their data for important decisions that improve care and promote advancements leading to better, more effective healthcare.  


“21st Century Cures Act”.  U.S. Food and Drug Administration.  01 Jan. 2020.  https://www.fda.gov/regulatory-information/selected-amendments-fdc-act/21st-century-cures-act  

Landi, Heather.  “CMS’s Data Interoperability Rule Can Spur Innovation for Payers, Experts Say. Here’s How”.  Fierce Healthcare, 7 July, 2021. https://www.fiercehealthcare.com/tech/cms-interoperability-rule 

“Interoperability in Healthcare”. HIMSS. 2021. https://www.himss.org/resources/interoperability-healthcare#Part3 

“21st Century Cures Act”. ONC’s Cures Act Final Rule. https://www.healthit.gov/curesrule/ 

“Best Practices for Payers and App Developers”. Center for Medicare and Medicaid Services, 29 July, 2021. https://www.cms.gov/files/document/best-practices-payers-and-app-developers.pdf  

Singer, Natasha. “When Apps Get Your Medical Data, Your Privacy May Go with It”. The New York Times, 3 Sept. 2019. https://www.nytimes.com/2019/09/03/technology/smartphone-medical-records.html?searchResultPosition=3