Your complete solution for the ONC Cures Act, Final Rule

Firely helps achieve stress-free compliance for the ONC’s Cures Act, Final Rule

The ONC Cures Act, Final Rule

The ongoing development of technology in the 21st century calls for regulations to protect people’s data while also setting up systems that enable individuals to get more value out of this information.

The 21st Century Cures Act Final Rule, issued in 2020 by the U.S. Department of Health and Human Services, is a part of the 21st Century Cures Act law from 2014.

The objective of the Cures Act Final Rule by ONC is straightforward – it emphasizes access and freedom of choice. Specifically, patients should have the ability to retrieve their electronic medical records without incurring extra expenses. Additionally, providers should have the freedom to select the appropriate IT tools that enable them to deliver optimal patient care, without encountering undue expenses or technical obstacles.

ONC timelines image

Improve the exchange of electronic health information (EHI)

The ONC Curest Act, Final Rule is designed to give patients and their healthcare providers secure access to health information. This includes four important provisions.

Information Blocking

Health IT developers and healthcare providers are prohibited from engaging in practices that prevent the sharing of EHI or make it difficult for patients to access their health information.


Health IT developers and healthcare providers must implement standardized data exchange protocols to ensure seamless and secure sharing of EHI across different systems and platforms.

API functionality

Health IT developers are required to implement APIs that allow patients to access and exchange their health information through third-party applications.


Health IT developers must certify their products to ensure they meet the technical and functional requirements outlined in the rule.

Important Certification criteria

Under the ONC Cures Act Final Rule, Health IT developers are required to certify their products through a certification program administered by an ONC-Authorized Certification Body (ONC-ACB). The certification process involves testing and evaluation of the product to ensure that it meets the technical and functional requirements of the rule. Certification helps to ensure that products are interoperable and they can communicate and exchange data with other systems in a standardized and secure way.

FEBRUARY 8, 2024

Health Data, Technology, and Interoperability:
Certification Program Updates, Algorithm
Transparency, and Information Sharing
(HTI-1) Final Rule

In this final rule, ONC implements provisions of the 21st Century Cures Act, makes updates to the ONC Health IT Certification Program (Certification Program) including new and updated standards, certification criteria, and implementation specifications in 45 CFR Part 170, establishes a new baseline version of the United States Core Data for Interoperability (USCDI), and provides enhancements to support information sharing through updates to the information blocking regulations.

DECEMBER 31, 2023

§170.315(b)(10) | Electronic health information export

The regulation for EHI export capabilities will become mandatory from December 31, 2023. Health IT Developers must enable users to create single export files containing all of the EHI produced and/or managed for a single patient on the platform at will. Health IT Developers must also be able to export this information for their entire database.

DECEMBER 31, 2022

§170.315(g)(10) | Standardized API for patient and population services

The standardized API for patient and population services is designed to enable patients to access their own health information and share it with other healthcare providers and applications securely and easily. It also enables healthcare providers to access population health data, allowing them to better manage the health of their patient populations

Drummond certified image

Firely Server is certified
for the ONC Cures Act Final Rule

Let’s discuss how Firely can help you to get certified!

The challenges for healthcare providers, health IT developers, and health information networks

  • Get certified under the Health IT Certification Program
    All Health IT developers must be certified for the ONC (Office of the National Coordinator for Health Information Technology) Cures Act Final Rule.
  • Think beyond implementing a FHIR Server
    It’s no longer about having a FHIR server. You need to consider the whole workflow and a complete set of solutions. Think about how you integrate a FHIR Server into the EHR, use the right plugins like SMART on FHIR and Bulk Data Export. 
  • Resources, high costs and the lack of knowledge
    The implementation of the Cures Act Final Rule requires significant financial resources and staff time, which may pose a challenge for smaller healthcare providers and organizations.
  • Make use of the momentum to investigate the options of FHIR beyond compliance
    FHIR has been adopted by many healthcare organizations and vendors worldwide. This means that there is a large and growing community of developers and users who can share resources and knowledge. Now is the time to make your business future-proof.

Discover the best FHIR tool on the market

Built by one of the initiators of FHIR

Icon Firely Server

Firely Server
ONC compliant FHIR server

Firely Server is our turn-key FHIR server created by one of the initiators of FHIR.
It contains all the features you need to be fully ONC compliant.

Firely Auth

Firely Auth is the authentication server that is seemlessly integrated with SMART on FHIR. Firely Auth is specifically configured to speak FHIR.

Bulk data export

With this plugin you can export bulk data in two ways: an asynchronous data export based on the FHIR Bulk Data Access (or “Flat FHIR”) Implementation Guide, or by using the Patient $everything Operation.


This plugin enables authentication based on the SMART on FHIR specification and allows you to integrate Firely Server with your own authentication and authorization system.

EHI Export

Create an export of all the electronic health information from the FHIR server.

Audit Logging

Firely Server can log access through the RESTful API for auditing purposes.

Logo ONC

Firely is certified under the Office of the National Coordinator for Health Information Technology’s (ONC) Health IT Certification Program. For more information go to the Mandatory Disclosures and API Documentation on our website.

Some interesting reads

How we helped Datalink meet the Final Rule deadline

DataLink connects stakeholders in the healthcare ecosystem to enable high-quality, cost-effective, value-based care. In this article we describe how Firely’s solutions and consultancy services helped the company solve an urgent issue with (g)(10) certification.

Logo Datalink

E-book: How to test Firely Server on Inferno

Inferno is an open-source tool to test if a FHIR server is compliant with the Standardized API for Patient and Population Services criterion §170.315(g)(10).

Download the guide for detailed instructions and screenshots on how to run 6 groups of tests on Inferno.  

Technical Documentation

In our Technical Documentation you will find additional resources you might find helpful, from one developer to another.

Ready to take the next step and be compliant with
ONC’s Cures Act Final Rule?

Let’s discuss how we can help you.

Rien Wertheim