The 21st Century Cures Act (Cures Act), which was signed into law in the U.S. in December 2016, contains provisions designed to promote the rapid and widespread adoption of electronic health records (EHRs) and facilitate health information exchange. Among its many provisions, some are directly related to technology, interoperability, and the prevention of information blocking.

According to the regulations, access to and sharing of healthcare data to providers, patients, and approved third parties (by proxy) is not only mandated, but failure to comply carries stiff penalties. With new, modern healthcare applications, these requirements ‘should’ be achievable. But this isn’t quite the case when we think about legacy applications.

At the best of times, data in a legacy system is difficult to access by clinicians and support staff. When you  add the additional burden of providing this data electronically as part of the designated record set (DRS), as stipulated by the Cures Act, the problem of access and sharing is exacerbated. Furthermore, the longer that data stays in situ, and the application and hardware age, the more vulnerable it becomes (we’ll cover this in more detail later in this blog series). So, extracting, migrating, storing, and protecting legacy data are intelligent moves to dismantle the risks associated with continuing to run and maintain these aging data silos.

The impact of the 21st Century Cures Act on legacy healthcare applications

Here’s a brief overview of the Cures Act’s impact on legacy healthcare applications:

1) Promotion of Interoperability

Legacy applications, which may have been developed in an era before widespread health information exchange, may lack the capabilities needed to share data with modern systems easily. The Cures Act emphasizes the importance of interoperability, with a clear goal to ensure that electronic health information is accessible and can be easily exchanged without special effort.

2) Prevention of Information Blocking

One of the major concerns when dealing with legacy applications is the potential for these systems to block the access to and sharing of information either intentionally (e.g., to maintain a competitive edge) or unintentionally (e.g., due to outdated technologies). The Cures Act has provisions that prevent health IT vendors, health information exchanges, networks, and providers from blocking the access, exchange, or use of information defined in the designated record set.

3) Adoption of Standards

The Cures Act promotes using recognized data standards, such as FHIR (Fast Healthcare Interoperability Resources). Many legacy systems will not support these standards and might need to be updated (where possible) or integrated with middleware solutions in order to comply.

4) APIs and Third-party Apps

The Cures Act also emphasizes the importance of open APIs (Application Programming Interfaces) to promote health information exchange. Legacy applications may not natively support APIs and may require significant modification or middleware to integrate with modern API-driven healthcare applications.

5) Patient Access to Health Data

The Cures Act empowers patients to have electronic access to their designated record set at no cost. This could mean that legacy systems need to have functionalities to easily export patient data in a usable, electronic format or be connected to a portal where patients can retrieve their information.

6) Patient Access to Health Data

Health IT solutions must be certified under the ONC (Office of the National Coordinator for Health IT) Health IT Certification Program. Legacy systems might not meet the latest certification criteria, which means they would need to be updated or replaced to ensure compliance.

Turning legacy data from a problem to an opportunity

The 21st Century Cures Act presents both challenges and opportunities for hospitals. For healthcare providers and health IT vendors, the implications of the Cures Act are significant. Legacy systems that cannot support the modern demands of interoperability, open data exchange, and patient access might need to be replaced or heavily modified.

However, the overarching theme is the move towards a more connected, transparent, and patient-centered healthcare system. So, there is an opportunity for hospitals to strategically invest in technology and processes that align and comply with the Cures Act’s mandates whilst capitalizing on other secondary but important benefits.

Successful legacy data management will benefit your patients, your clinicians and support staff, and help protect your organization from being accused of Information Blocking.

How to prevent your legacy applications from Information Blocking

With almost 30 years of experience and supporting over 1,200 healthcare organizations worldwide, BridgeHead Software has the knowledge, expertise, and tools required to ensure your hospital remains compliant with HIPAA, the 21st Century Cures Act and, importantly, the Information Blocking Rule.

HealthStore®, from BridgeHead Software, is a real-time, FHIR-enabled Clinical Data Repository (CDR) designed to consolidate, store, protect, and share healthcare data, whether from legacy systems or from live applications.

With HealthStore, you can extract data from your legacy systems, ingest it into the CDR where it is stored efficiently and intelligently and fully protected and recoverable in the event of a cyberattack, corruption, outage, or more significant disaster. Once in HealthStore, your clinical teams will have full access to a 360-degree view of your patient data; easy to search and retrieve by those that need it, when they need it, at the point of care. No more departmental silos; no more Information Blocking or barriers to access, collaboration, and sharing; and all this available within your current workflows, whether directly from your EHR, clinical portal, or other healthcare applications.

Importantly, once you have migrated your legacy data into HealthStore, you can effectively decommission your source legacy application, saving cost, time, resource, while reducing the threat of cyberattack.

If you are interested in learning more on how BridgeHead’s HealthStore can help you meet your obligations under the 21st Century Cures Act and prevent Information Blocking…


Recently joining BridgeHead in 2023, Rob Damiani is the Senior Director of National Sales (North America). Rob Damiani brings over 26 years in Healthcare IT sales, specialising in AI, medical imaging and informatics.


He was formerly the US Sales Director at Gleamer, Inc., where he helped the company grow its AI footprint and US market share by offering cloud-based and on-premise AI workflow solutions to radiology, ED and Urgent Care Centers. Prior to that, Rob held senior sales positions at Quantib, Icometrix, and other healthcare vendors.