Skip to main content

Choosing the Right EHR Can Safeguard You Against Cures Act Penalties 

PUBLISHED ON: 08.24.2023
Go Back To
digital healthcare symbol in the care of a hand

 In the ever-evolving landscape of healthcare, the digitization of patient records has become not just a convenience but a necessity. To encourage the adoption of Electronic Health Records (EHRs) and ensure the secure sharing of Electronic Health Information (EHI), the 21st Century Cures Act (CURES Act) was enacted in the U.S. While the Act offers many benefits, it also carries penalties for non-compliance. In this blog post, we’ll explore how choosing the right EHR system can protect healthcare providers from Cures Act penalties.

The constantly evolving field of mental and behavioral health demands a resilient Electronic Health Records (EHR) system that can shield organizations from penalties stemming from non-compliance. With a proven 17-year history, PIMSY EHR is the reliable choice for cloud-based EHR solutions, specifically designed to offer the adaptability and flexibility needed to assist providers dedicated to adhering to regulatory standards. 


What is CURES Act? 

The CURES Act is a significant piece of legislation in the U.S. that was signed into law on December 13, 2016. It aims to balance the need for faster medical innovation with maintaining rigorous safety and efficacy standards to protect patients. 


Key Aspects of the CURES Act: 

  1. Medical Research Funding
    CURES Act provides increased funding for the National Institutes of Health (NIH) to support biomedical research. 
  2. FDA Approval Process
    It streamlines and modernizes the approval process for drugs and medical devices, aiming to bring new treatments and innovations to patients more quickly while maintaining safety standards.
  3. Mental Health and Substance Abuse 
    The act includes provisions to enhance mental health services, combat the opioid epidemic, and improve access to substance abuse treatment programs.
  4. Health Information Technology (HIT)
    CURES Act promotes the use of HIT by encouraging the development and adoption of interoperable EHRs and HIT standards. This is aimed at improving data sharing and coordination of care.
  5. Innovation and Regulatory Reform
    Seeks to promote innovation in healthcare by removing regulatory barriers and providing incentives for the development of new therapies, particularly in the fields of regenerative medicine and antibiotics.
  6. Patient Access 
    Includes measures to improve patient access to healthcare data, promote telehealth services, and enhance patient engagement in their healthcare decisions.
  7. Antibiotic Development 
    It encourages the development of new antibiotics to combat antibiotic resistance, a growing public health concern.
  8. Rare Diseases
    The Act contains provisions to support research and development for treatments for rare diseases. 


 The CURES Act and Information Blocking 

 The concept of information blocking became more prominent with the passing of the CURES Act. Information blocking refers to practices by health information technology (HIT) developers, exchanges, networks, and healthcare providers that unreasonably limit the access, exchange, or use of electronic health information (EHI). These practices hinder the ability of authorized individuals, such as patients, healthcare providers, and other authorized entities, to access and share essential health data.  

Why is Information Blocking a Concern? 

 The Cures Act includes penalties for those found to be engaging in information blocking practices, so it is vital that agencies stay in compliance. Healthcare providers, health IT developers, and organizations that participate in such practices may face financial penalties and potential exclusion from federal healthcare programs. 

 Information blocking practices can take various forms, including: 

  • Refusing to Share Information
    This occurs when a healthcare provider or HIT vendor refuses to share patient health records or other relevant health information with authorized individuals or entities, such as patients themselves or other healthcare providers.
  • Charging Unreasonable Fees 
    Some entities may impose excessive fees for accessing or exchanging health information, making it financially burdensome for patients or healthcare providers to obtain the necessary data.
  • Technical Interference 
    Information blocking can involve using technical measures to impede data sharing or exchange, such as implementing non-standard data formats or network protocols that make it difficult for different systems to communicate.
  • Privacy and Security Misconceptions
    Some entities may incorrectly interpret privacy and security regulations as reasons to withhold or limit data sharing, even when the sharing is legally permitted and necessary for patient care.
  • Delaying Information Sharing
    Deliberate delays in providing access to health information can also be considered information blocking. For example, unnecessarily delaying the release of test results to patients or healthcare providers can negatively impact patient care. 


What is an EHI? 

EHI is the digital representation of a person’s health information, medical history, and clinical data. It encompasses a wide range of health-related data that is stored and transmitted electronically. It’s also a crucial component of modern healthcare because it enables the efficient and secure exchange of patient information among healthcare providers, facilitates clinical decision-making, and supports patient-centered care. 

EHI can include but is not limited to: 

Electronic Health Records (EHRs) – Digital records of a patient’s medical history, including diagnoses, treatments, medications, laboratory results, imaging reports, and more.

Clinical Notes – Electronic versions of physicians’ notes, progress notes, and other documentation related to a patient’s medical care.

Medical Images – Digital images such as X-rays, MRIs, CT scans, and ultrasounds, along with associated reports and interpretations.

Medication Records – Information about a patient’s prescribed medications, dosages, and administration instructions.

Laboratory Results – Digital records of blood tests, urine tests, genetic testing, and other diagnostic tests.

Immunization Records – Records of vaccinations and immunizations received by a patient.

Allergies and Adverse Reactions – Information about a patient’s allergies, intolerances, and any adverse reactions to medications or treatments.

Patient Demographics – Personal information such as name, date of birth, address, contact details, and insurance information.

Appointment Scheduling and History – Electronic records of past and upcoming medical appointments and scheduling information.

Healthcare Provider Communications – Digital communications between healthcare providers about a patient’s care, including secure messaging and email.

Telemedicine Records – Records of telehealth or telemedicine consultations, including audio and video recordings, if applicable.

Healthcare Billing and Claims Data – Information related to healthcare billing, insurance claims, and financial transactions associated with medical services.


What is NOT an EHI? 

What is not considered EHI typically includes non-medical or non-health-related information, such as: 

Non-Medical Personal Information – Information unrelated to an individual’s health, such as their social security number, driver’s license number, or other personal identification information.

Non-Health-Related Financial Data – Financial information that is unrelated to healthcare.

Non-Medical Communications – Personal or business emails, text messages, or other electronic communications that do not pertain to healthcare or medical care.

General Personal Data – Information like a person’s educational history, employment records, and personal preferences, unless directly relevant to their healthcare decisions or medical treatment.

Non-Healthcare Legal Documents – Legal documents such as wills, contracts, or legal correspondence that are not directly related to a person’s healthcare.

Non-Healthcare Research Data – Scientific research data unrelated to a patient’s medical history or clinical care.

Social Media Activity – Social media posts, comments, and other interactions on platforms like Facebook, Twitter, or Instagram, even if they may contain health-related discussions.

Non-Clinical Administrative Data – Administrative data not directly related to healthcare management, such as office supply orders or facility maintenance records. 


Does Information Blocking Apply to Me?  

infographic about CURES Act and information blocking

Information Blocking rules apply to health care providers, health IT developers, and health information networks:  

Health Care Providers 

  • Physicians 
  • Hospitals 
  • Pharmacies 
  • Laboratories 
  • Group Practices
  • Ambulatory Surgical 
  • Centers 

Click here for a full list 


Health IT Developers 

An individual or entity, other than healthcare provider that self-develops health IT for its own use, that develops or offers health information technology to EHRs and other heath IT software applications. 


Health Information Networks 

An individual or entity that coordinates access, exchange, or use of Electronic Health Information (EHI), primarily between or among a particular class of individuals or entities or for a limited set of purposes. 



How the Right EHR Can Protect You 

  1. Compliance with Cures Act Standards: The correct EHR system will adhere to the standards and requirements set forth by the Cures Act. It will ensure that EHI is shared securely and without unnecessary delays, reducing the risk of information blocking penalties.
  2. Interoperability Capabilities: Interoperability is a central focus of the Cures Act. An EHR system that supports seamless data exchange with other healthcare providers and systems enhances your compliance efforts. It promotes the sharing of vital patient information across different platforms and organizations.
  3. User-Friendly Design: Complex or cumbersome EHR systems can lead to unintentional information blocking. The right EHR will be user-friendly, reducing the likelihood of errors or delays in sharing EHI.
  4. Data Privacy and Security: The Cures Act places a strong emphasis on protecting patient data. A compliant EHR will prioritize data privacy and security, helping you avoid penalties related to unauthorized access or data breaches.
  5. Patient Engagement Features: Engaged patients are more likely to request their EHI, which is a key component of the Cures Act. An EHR that facilitates patient engagement, such as secure patient portals, empowers patients to access and share their health information easily.
  6. Comprehensive Documentation: Proper documentation of data sharing activities is essential for compliance. The right EHR system will provide robust documentation features, ensuring you can demonstrate your compliance efforts when necessary.
  7. Regular Updates and Support: Regulations in healthcare can change, and EHR systems must adapt. Choosing an EHR vendor that provides regular updates and ongoing support ensures that your system remains compliant as regulations evolve. 



 In an era where healthcare information is increasingly digital, the CURES Act stands as a critical safeguard for patient care and data exchange. To protect your healthcare organization from Cures Act penalties, selecting the right EHR system is essential. A compliant EHR will not only help you adhere to the law but also improve patient care, streamline operations, and contribute to the broader goal of healthcare interoperability. Ultimately, the correct EHR is your shield against information blocking and the associated penalties, ensuring you can focus on what matters most: delivering high-quality healthcare to your patients.

Click here to learn more about PIMSY HER and compliance. 

Want to learn more about compliance – watch a webinar. 

 Contact us 



Jayne Kay
Author: Jayne Kay