How Healthcare Payers Can Remain Compliant to the Newest Rules by the CMS and ONC

In an effort to improve patient satisfaction and outcome, the Office of the National Coordinator for Health Information Technology (ONC) released the Cures Act Final Rule. The primary goal of the Cures Act Final Rule is to allow patients to access their electronic health records (EHRs). Patients should be able to access their EHRs at no additional cost or without having to overcome extra technical barriers. 

As a payer, you need to comply to some new policies under the Cures Act Final Rule. In our latest article, Iron Bridge examines the new payer policies for patient access to EHRs and how you can use a fhir API to ensure your organization is compliant to the Cures Act Final Rule. 

New Policies for Payers Under the Final Rule

Expert in Fhir API Examines New Policies Under the Cures Act Final Rule

patient in hospital bed

There are four new policies for payers to follow under the Cures Act Final Rule. These new policies are designed to breakdown barriers to patient access to their EHRs and to encourage more people to access their health records. Most Medicare and Medicaid payer organizations will need to implement a fhir API to allow a seamless exchange to health information among different parties. Because of COVID-19, some of the deadlines for compliance have been pushed back. 

Let’s examine all four new policies for payers together. 

1. Provide patient access through an open application programming interface

Under the Cures Act Final Rule, payers are required to provide access to patient data using a standardized API. The original deadline for compliance was January 1, 2021. However, it has been pushed back to July 1, 2021. Until then, it is critical for payers to build a strategy for implementing new APIs, such as a fhir API model, with proper security functionalities. Payers also need to design a plan to approve access to their APIs by third-party developers and other providers who use their own health plans. 

2. Share provider directory data to the public

Using a standards-based API, payers must also make provider information available to the public. This information should include the provider’s name, address, phone number, and medical specialty. The original compliance date for this policy was January 1, 2021. However, the deadline for this requirement has been pushed back to July 1, 2021. 

3. Exchange patient clinical data 

By January 1, 2022, payers will need to be able to exchange pertinent patient health data at their request. This allows them to seamlessly keep their health information with them over time as they move between different payers. 

4. Increased data exchange for dual-eligible members

Under this policy, states must exchange Medicare and Medicaid enrollee data with the CMS on a daily basis. For payers, this means that each state must implement new system changes in order to comply with this policy. 

Key Strategies for Implementing a Fhir API

Make Sure Your Organization is Compliant Using These Steps

physicians working in research lab

While these compliance dates seem far away at the moment, they can end up taking you by surprise if you don’t strategize an organized plan for adopting them into your organization’s practices. 

Assess Your Organization’s Readiness

Right now, you need to determine what information your organization already provides to patients. Does your organization provide helpful information on its website? Where does it store patient financial and clinical data? Can third-party applications access this information? 

Determine How You Can Increase Engagement

As a payer, you should see how you can go beyond the minimum requirements set by the Cures Act Final Rule. The rule should act as a baseline for how you can increase patient engagement and improve their experience. 

Find a Third-Party Fhir API Solution

Numerous companies, including Iron Bridge, provide fhir APIs designed to comply with the Cures Act Final Rule. Instead of wasting resources and energy on building your own API, recruiting a third-party to assist you will help your organization focus on what matters most. 

Meet the fhirstation

Learn How the fhirstation by IronBridge Can Help You

fhirstation by iron bridge

The fhirstation by Iron Bridge is a turn-key, multi-tenant Software as a Service (Saas) solution for healthcare payers. This state-of-the-art SaaS system was designed for the 21st Century Cures Act and ONC and CMS Interoperability Final Rule 2020. 

The fhirstation’s top features include:

  • Powerful data analytics tools
  • Adapters for translating EHR and health plan data in FHIR data models
  • Terminology services for industry coding systems
  • Native FHIR v4 data models for storage
  • The ability to breakdown information blocking and enable information exchange between patients, payers, health IT developers, and EHR vendors


While the compliance deadline for the CMS and ONC rules has been pushed back due to COVID-19, it doesn’t hurt to plan ahead. For more information on our fhir API, contact the team at Iron Bridge today.

Back to blog