Health IT Legislation

21st Century Cures Act

There are many provisions of the 21st Century Cures Act (Cures Act) that will improve the flow and exchange of electronic health information. ONC is responsible for implementing those parts of Title IV, delivery, related to advancing interoperability, prohibiting information blocking, and enhancing the usability, accessibility, and privacy and security of health IT. ONC works to ensure that all individuals, their families and their health care providers have appropriate access to electronic health information to help improve the overall health of the nation’s population.

In addition to supporting medical research, advancing interoperability, clarifying HIPAA privacy rules, and supporting substance abuse and mental health services, the Cures Act defines interoperability as the ability exchange and use electronic health information without special effort on the part of the user and as not constituting information blocking. 

ONC focuses on the following provisions as we implement the Cures Act:

  • Section 4001: Health IT Usability
  • Section 4002(a): Conditions of Certification
  • Section 4003(b): Trusted Exchange Framework and Common Agreement
  • Section 4003(c): Health Information Technology Advisory Committee
  • Section 4004: Identifying reasonable and necessary activities that do not constitute information blocking

ONC is also supporting and collaborating with our federal partners, such as the Centers for Medicare and Medicaid Services, the HHS Office of Civil Rights, the HHS Inspector General, the Agency for Healthcare Research and Quality, and the National Institute for Standards and Technology.

MACRA

The Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) ended the Sustainable Growth Rate formula, which threatened clinicians participating in Medicare with potential payment cliffs for 13 years. If you participate in Medicare Part B, you are part of the dedicated team of clinicians who serve more than 55 million of the country’s most vulnerable Americans, and the Quality Payment Program will provide new tools and resources to help you give your patients the best possible care. You can choose how you want to participate based on your practice size, specialty, location, or patient population.

The Quality Payment Program has two tracks you can choose:

  • Advanced Alternative Payment Models (APMs) or
  • The Merit-based Incentive Payment System (MIPS)

If you decide to participate in an Advanced APM, through Medicare Part B you may earn an incentive payment for participating in an innovative payment model.

If you decide to participate in MIPS, you will earn a performance-based payment adjustment.

HITECH Act

The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 [PDF - 266 KB] provides HHS with the authority to establish programs to improve health care quality, safety, and efficiency through the promotion of health IT, including electronic health records and private and secure electronic health information exchange. Learn more about select portions of the HITECH Act that relate to ONC’s work.

FDASIA

Section 618 of the Food and Drug Administration Safety and Innovation Act (FDASIA) of 2012 directed the Secretary of Health and Human Services, acting through the Commissioner of the U.S. Food and Drug Administration (FDA), and in consultation with ONC and the Chairman of the Federal Communications Commission, to develop a report that contains a proposed strategy and recommendations on an appropriate, risk-based regulatory framework for health IT, including medical mobile applications, that promotes innovation, protects patient safety, and avoids regulatory duplication. The Health IT Policy Committee formed a FDASIA workgroup and issued recommendations to ONC, FDA, and FCC as of the September 4th, 2013 HIT Policy Committee meeting.

View the full collection of FDASIA Section 618 related activities.

Read the draft FDASIA Health IT Report Proposed Risk Based Regulatory Framework report [PDF - 438 KB] for public comment. Additional activities related to the draft report, including public meetings and instructions on how to submit public comments will be made available on an ongoing basis.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 protects health insurance coverage for workers and their families when they change or lose their jobs, requires the establishment of national standards for electronic health care transactions, and requires establishment of national identifiers for providers, health insurance plans, and employers.

The HHS Office for Civil Rights administers the HIPAA Privacy and Security Rules. The HIPAA Privacy Rule describes what information is protected and how protected information can be used and disclosed. The HIPAA Security Rule describes who is covered by the HIPAA privacy protections and what safeguards must be in place to ensure appropriate protection of electronic protected health information.

The Centers for Medicare and Medicaid Services administer and enforce the HIPAA Administrative Simplification Rules, including the Transactions and Code Set Standards, Employer Identifier Standard, and National Provider Identifier Standard. The HIPAA Enforcement Rule provides standards for the enforcement of all the Administrative Simplification Rules.

Affordable Care Act

The Affordable Care Act of 2010 establishes comprehensive health care insurance reforms that aim to increase access to health care, improve quality and lower health care costs, and provide new consumer protections.

Content last reviewed on April 19, 2018
Was this page helpful?