Demystifying the 21st Century Cures Act: Healthcare Provider Obligations and Risks

Patient portals once offered limited information. But healthcare providers now use patient portals to make an array of information available to patients — from laboratory results and surgical reports to physician notes — to remain compliant with the 21st Century Cures Act.

Healthcare providers sometimes struggle with the reality of being required to release tests and labs prior to their opportunity to review or discuss the results. However, the Cures Act prohibits “information blocking,” requiring providers to make those results available to patients immediately.

Explore your Cures Act obligations as a healthcare provider along with the risks necessary to remain in compliance.

What is information blocking?

Information blocking is referred to in a subsection of the Cures Act as a practice that prevents, materially discourages, or otherwise interferes with the patient’s right to access their electronic healthcare information.

Because of the legislation, the Office of the National Coordinator for Health Information Technology, (ONC) issued an extensive outline addressing the compliance mandates for information blocking. A complete copy of those guidelines can be found on the ONC website.

Under the longstanding rules of HIPAA, providers are given 30 days to provide a patient with access to their medical records upon receipt of a written request. Under the information blocking regulations, providers need to provide free access “without delay” to an expansive range of electronic personal health information to be compliant with the regulation.

Enforcement is expected to begin at the end of 2023, and those compliance checks will expose healthcare providers to potential disincentives.

Adobe Stock 228300249 1

What patient information must be shared?

According to the United States Core Data for Inoperability (USCDI), all clinical notes must be shared if the technology is currently in place. That list includes:

  • Consultation Notes
  • Discharge Summary Notes
  • History and Physical
  • Imaging Narratives
  • Laboratory Report Narratives
  • Pathology Report Narratives
  • Procedure Notes
  • Progress Notes

What are the top three risks of providing open notes access?

According to the American Journal of Medicine, clinicians’ concerns over providing access to open notes center around three main issues:

  • The ability to communicate critical results before patient access
  • Compliance with information blocking vs. privacy laws
  • The task of uploading prior medical records contained

There are limited exceptions in situations where a patient may learn of critical test results through an online portal before the clinician has an opportunity to review those results and communicate with the patient.

Under the Cures Act Rule, there are exceptions about when information can be blocked or hidden from patient access on online portals. One exception allows for restricting portal access to a specific entry if they believe the patient may harm another person or themselves due to reading the information or if they need to protect the security of another person’s electronic health information (EHI). Detailed information on all exceptions is outlined by the ONC. The Final Rule itself only applies to records that exist in electronic form. Providers are not under obligation to upload paper files to portals.

On the positive side of the impact, based on a survey conducted by JAMA Network, seventy-four percent (74%) of clinicians surveyed regarding open notes felt it would lead to better patient care allowing for higher patient engagement and compliance. The ability to access private health information “without delay” through electronic health records will also address one of the highest reported complaints of patients according to NCBI — that patients feel they experience a significant delay in gaining access to complete information from providers.

Need More Resources?

Providers must review their concerns and be included in discussions on process changes and potential risk exposures evolving in the healthcare community. At LHA Trust Funds, we want to address [CD1] concerns the new requirements bring up and advise on areas that can lead to potential liability risks as healthcare providers navigate patient portal access.

Contact Director of Claims Operations Jamie Lamb at (225) 368-3817 or to schedule a Cures Act presentation at your healthcare facility.


This article is for informational purposes only and is not official technical or legal advice. The 21st Century Cures Act and information blocking rule do not supersede any state law pertaining to privacy or data release. Healthcare providers should consult with their organization’s Health Information Management, compliance, legal, finance, and/or public relations experts and teams to find out how it applies to them.

Jamie Lamb Square 250 250 px

Jamie Lamb, AIC, INC, SCLA
Director of Claims Operations

Jamie Lamb began her career in claims in 1997 and has obtained various insurance designations during her career. Her experience includes but is not limited to the management of complex claims in general liability, medical malpractice, excess coverage, and professional liability.

As the Director of Claims Operations, Ms. Lamb works closely with our members and our internal departments to assist with strategic goals and initiatives. She attended Evangel University in Springfield, Missouri, and Loyola University in New Orleans.

Content Related to this Article


Answering Your Questions About Informed Consent in Healthcare

Here’s LHA Trust Funds’ take on informed consent and answers to frequently asked questions from our members.

Learn More


EMTALA Requirements Aren’t Just for the Emergency Department

Here are some frequently asked questions about EMTALA requirements, the responsibilities of your healthcare facility, and...

Learn More


Healthcare for All: A Louisiana Provider Committed to Patient’s Access to Care

Join us in congratulating Maurice Community Care Clinic and exploring their solution for patient access to care.

Learn More