Recorded Series: ONC’s Cures Act Info Blocking Rule: Compliance and Implementation Challenges

As patient health information travels to and from an increasing number of electronic medical record systems, health information exchanges, and smartphone applications, there are increasing compliance requirements for health care providers, including health centers.  The most recent requirements are found in the Office of the National Coordinator for Health Information Technology (ONC)’s “21st Century Cures Act:  Interoperability, Information Blocking and the ONC Health IT Certification Program” Final Rule (ONC’s Cures Act Final Rule).  Applicable to health care providers as of April 5th, the ONC’s Cures Act Final Rule: 

  • Requires health care providers to provide patients with access to their electronic health information (EHI) at no cost;  
  • Prohibits “information blocking” which includes practices that are likely to interfere with the access, exchange or use of EHI; and
  • Includes eight exceptions to information blocking – including exceptions for preventing harm to a patient or other person, protecting privacy and security, and infeasibility – under which a health care provider may prohibit access, exchange or use of EHI, if certain conditions are met.  

Patients (and other individuals and entities) can now report information blocking to the ONC, leading to investigations and potential penalties. 

This two-part webinar series includes two webinars and a discount on FTLF’s Confidentiality Toolkit which includes a new section on the ONC’s Cures Act Final Rule and updates to the related HIPAA Privacy Rule documents.  

In the first webinar, the presenters will provide an overview of the ONC’s Cures Act Final Rule, including:

  • An introduction to information blocking, including examples from health centers and other health care providers
  • Details of what electronic health information (EHI) must be made available
  • Discussion of the eight exceptions to information blocking, including details of the policies, procedures and documentation required to fit within applicable exceptions 

In the second webinar, the presenters will address key implementation challenges, including:

  • Whether and how to provide patient education about the privacy and security risks of third-party apps
  • Details of how to respond to information blocking complaints, including investigations by the federal government
  • Responses to frequently asked questions, such as:
    • Whether access to the patient portal is a request for access, exchange or use of EHI
    • What to do when various systems (electronic medical records, dental records systems, portals, etc.) prohibit or delay access to EHI
    • Strategies for complying with other privacy and security laws, including state laws protecting adolescent health records 

Target Audience

  • Compliance Officers and Risk Managers
  • HIPAA Privacy and Security Officers
  • Chief Information Officers
  • C-Suite Members
  • Site Managers

Learning Objectives

After this webinar series, attendees will be better able to:

  • Identify patient requests for their EHI and the requirements to respond under the ONC Cures Act Final Rule
  • Determine whether an exception to information blocking applies and develop documentation to support that conclusion
  • Develop informational resources for patients on the privacy and security of health apps
Course summary
Available credit: 
  • 2.00 Certificate of Attendance
Course opens: 
Course expires: 


A Partner in the firm’s health law practice group, Molly advises health centers on the management of clinical, employment and workforce related risks, with a particular focus on professional liability, Federal Tort Claims Act, and HIPAA matters. From her experience as both a private attorney and in-house counsel, Molly knows the importance of managing liability and risk issues in mission-driven organizations. [Full Bio]


As Partner and Compliance Counsel with the firm’s health law practice group, Dianne advises health centers on implementing effective compliance programs and on addressing top compliance risk areas. Dianne counsels health centers and other organizations on developing compliance programs that include the OIG’s seven elements, respond to identified compliance risk areas, and reflect the organization’s culture.  Dianne also advises health centers and other organizations on patient privacy and confidentiality, including the HIPAA Privacy Rule and 42 CFR Part 2.  She has experience responding to privacy and security incidents, including determining whether there has been a breach, notifying patients and the government, and creating corrective action plans. [Full Bio]

Certificates of Attendance: We verify attendance upon completion of a webinar (live or recorded version) and will only issue certificates in the name of the account holder enrolled in the course. If you need to document attendance for someone other than the account holder, we provide blank Certificates of Attendance for a supervisor to sign and certify that a different individual viewed the course. 

Group Attendance: Due to the online nature of webinars, we cannot verify participation by more than one person. For groups, we provide an attendance record form and blank Certificates of Attendance to record attendance at a group viewing session and document each individual's participation. We recommend that a supervisor or colleague sign the certificate to certify attendance. 

Read more about maintaining an attendance record in our FAQs.

Available Credit

  • 2.00 Certificate of Attendance
Please login or register to take this course.
Please login or register to take this course.


Please login or register to take this course.


Each recorded webinar in this series is available for 90 days after the date of purchase. Once posted to your account, you can view this webinar anytime on-demand during the access period identified in your purchase confirmation. For additional information on viewing and accessing webinars, view our full terms and conditions here.


If you pay by credit card or PayPal, you will be able to access the recorded webinar immediately (unless the live webinar has not yet occurred). If you pay by check, we will grant access to the recording when we receive your check. You will receive a confirmation email once access is granted. FTLF reserves the right to suspend access to the webinar if payment is not received within 30 days. For more information on payments and registration, please visit our FAQ page.


No refunds will be provided for recorded webinars. FTLF can transfer a registration to someone else within your organization or, provided you have not already viewed the webinar, transfer the registration to another on-demand program. Where the registration fee for the new webinar is higher, you must also pay the difference between the original course and the new course registration fee at the time of transfer. Administrative fees may also apply. If your organization purchased a webinar under the account of a staff member who no longer works for your organization, please Contact Us. View our full policy on refunds and cancellations here.

Required Hardware/Software

Google Chrome and Mozilla Firefox are the preferred browsers.