EMR Interoperability Requirements for PT Practices 2025: What You Need to Know

The 21st Century Cures Act changed everything about how healthcare data must flow between systems. For physical therapy practices, these aren’t optional recommendations - they’re mandatory federal requirements backed by penalties reaching up to $1 million per violation. Yet many practices remain unaware of what compliance actually means or whether their current EMR meets 2025 standards.

Here’s the uncomfortable truth: 84% of physical therapy and rehabilitation organizations cite interoperability challenges as a key barrier to effective care coordination, according to the 2025 Black Book Research Survey. Many practices are discovering their legacy EMR systems - especially older desktop software - simply cannot comply with current interoperability mandates.

This isn’t just a technical problem. It’s a regulatory compliance issue that exposes practices to federal penalties, a competitive disadvantage as referring physicians expect seamless data exchange, and a barrier to delivering coordinated patient care. This comprehensive guide explains exactly what EMR interoperability requirements your practice must meet in 2025, the penalties for non-compliance, and how to evaluate whether your current system measures up.

What is Interoperability and Why Physical Therapists Can’t Ignore It

Interoperability means different healthcare computer systems can exchange patient data and use that information seamlessly - regardless of how each system stores information internally. Think of it as universal translation for medical records.

For physical therapy practices, interoperability enables:

Receiving Referrals Electronically: When an orthopedic surgeon refers a knee replacement patient for post-operative PT, your EMR should automatically receive the surgical notes, pre-operative imaging, medication list, comorbidities, and prescribed therapy protocol - no faxing, no phone calls, no manual data entry.

Sending Progress Updates: Your detailed PT progress notes should flow back to referring physicians without you manually printing, faxing, or scanning. Referring providers see real-time updates on patient functional improvements, attendance compliance, and outcomes.

Care Coordination Across Providers: When your patient with chronic low back pain sees their primary care physician, pain specialist, and physical therapist, all three providers should access a unified view of treatments, medications, and outcomes. This prevents dangerous medication interactions, redundant testing, and conflicting treatment approaches.

Patient Access to Their Own Data: Patients should access their complete therapy records through an app or patient portal at no cost, share that data with any provider they choose, and download it in a computable format.

Population Health and Quality Reporting: Practices participating in Medicare’s Merit-based Incentive Payment System (MIPS) or Accountable Care Organizations (ACOs) need to extract and report quality metrics. Interoperability enables automated reporting instead of manual chart review.

Why Interoperability Became Mandatory

For decades, healthcare operated with incompatible computer systems that hoarded patient data. Electronic medical records were “electronic” but not truly connected. Patients couldn’t access their own records. Providers couldn’t easily share information.

This data fragmentation:

Caused medical errors from incomplete information
Forced patients to repeat tests unnecessarily
Created friction in referral relationships
Increased healthcare costs through inefficiency
Made patients feel their data was held hostage by providers

Congress passed the 21st Century Cures Act in 2016 to break down these barriers. The law’s information blocking provisions took full effect in 2020, with enforcement ramping up significantly in 2024 and 2025.

The Bottom Line: Interoperability is no longer optional for practices using certified electronic health record technology. It’s federal law.

The 21st Century Cures Act: What PT Practices Must Know

The 21st Century Cures Act created sweeping requirements around electronic health information (EHI) access, exchange, and use. Here’s what physical therapy practices must understand.

What Qualifies as Electronic Health Information (EHI)

EHI is broader than Protected Health Information (PHI) under HIPAA. It includes any electronic patient information maintained by your practice, including:

Demographics (name, address, birthdate, contact information)
Clinical notes (evaluations, progress notes, daily notes, discharge summaries)
Treatment plans and goals
Assessment scores and outcome measures (LEFS, QuickDASH, Oswestry, etc.)
Vital signs and measurements (range of motion, strength testing, gait analysis)
Medications and allergies
Diagnostic test results (imaging reports, lab values)
Insurance and billing information
Consent forms and advance directives
Therapy notes (PT, OT, speech therapy)

Essentially, if your EMR stores it electronically, it qualifies as EHI.

The Information Blocking Rule: What’s Prohibited

The Cures Act prohibits “information blocking” - practices that healthcare providers, health IT developers, or health information exchanges/networks engage in that they know are likely to interfere with access, exchange, or use of electronic health information.

For PT practices, information blocking includes:

Refusing Patient Data Requests: A patient asks for a copy of their complete therapy records to share with a surgeon evaluating them for joint replacement. Your practice cannot:

Refuse to provide the data
Delay providing the data without reasonable justification
Charge excessive fees (beyond reasonable, cost-based fees for labor)
Provide data in unusable formats (like image-only PDFs when structured data exists)
Require the patient to pick up records in person when electronic delivery is possible

Blocking Provider-to-Provider Exchange: An orthopedic surgeon sends your practice an electronic referral with patient records through a Health Information Exchange (HIE). Your EMR cannot:

Refuse to accept the incoming data
Make it unnecessarily difficult to access received data
Prevent you from sending progress updates back electronically

Contractual Restrictions: Your EMR vendor cannot include contract terms that prevent:

Patients from accessing their data through third-party apps
You from exporting data if you switch EMR systems
Interoperability with competing EMR systems

Deliberate Functionality Barriers: Your EMR vendor cannot intentionally design systems that make data exchange difficult through:

Unreasonable API access restrictions
Deliberately incompatible data formats
Performance throttling that makes data exchange impractically slow
Refusing to support industry-standard interoperability protocols

Eight Legal Exceptions to Information Blocking

The rule isn’t absolute. Eight specific exceptions allow practices to limit information access without violating the law:

Preventing Harm: You can refuse information if disclosure would cause substantial harm to the patient or another person
Privacy: You can withhold information to comply with privacy laws (psychotherapy notes, substance abuse records)
Security: You can implement reasonable security practices that may limit access
Infeasibility: You can decline requests that are infeasible to fulfill (unclear requests, requests beyond your technical capability)
Health IT Performance: You can temporarily limit access to maintain system performance during maintenance
Content and Manner: You can specify how and when data is accessed within reason
Fees: You can charge reasonable, cost-based fees for fulfilling requests
Licensing: You can limit access required by law (e.g., restricting access to licensed providers only)

Important: These exceptions are narrowly defined. Simply claiming an exception doesn’t shield you from information blocking allegations. You must document why the exception applies.

Information Blocking Penalties: How Much Practices Risk

Information blocking violations carry serious financial consequences that escalated dramatically in 2024-2025.

Penalties for Health IT Developers

If your EMR vendor (health IT developer) engages in information blocking, the HHS Office of Inspector General (OIG) can impose civil monetary penalties up to $1,000,000 per violation.

This affects you because:

Vendor penalties may lead to your EMR losing ONC certification (making it unusable for MIPS reporting)
Vendors facing penalties may go out of business or discontinue products
Vendor information blocking can disrupt your practice operations

Penalties for Healthcare Providers (Including PT Practices)

On July 1, 2024, CMS and ONC published a final rule establishing disincentives for healthcare providers found in violation of information blocking. These penalties became effective July 31, 2024, with enforcement actively underway in 2025.

For Physical Therapists Participating in MIPS:

If OIG determines your practice engaged in information blocking, you receive a zero score under Medicare’s Merit-based Incentive Payment System (MIPS) for the Promoting Interoperability performance category.

A zero Promoting Interoperability score significantly reduces your overall MIPS score, potentially triggering:

Negative payment adjustments (up to -9% of Medicare Part B payments in 2025)
Loss of positive payment adjustments you would have otherwise earned
Reputational damage from poor MIPS performance

Timeline example: If OIG makes an information blocking determination against your practice in 2025, the MIPS penalty would apply to your 2027 payment year.

For Practices Participating in ACOs:

If your practice participates in a Medicare Shared Savings Program (MSSP) Accountable Care Organization, information blocking findings can result in:

Removal from the ACO’s participation list for at least 1 year
ACO application denial for at least 1 year if you try to join a different ACO

This severs your relationship with the ACO and eliminates shared savings payments that can represent 15-30% of total Medicare revenue for participating practices.

For Hospitals and CAHs (less relevant for most PT practices):

Hospitals found guilty of information blocking lose “meaningful EHR user” status, resulting in:

Loss of 75% of annual market basket increase (inflation adjustments to Medicare payments)
Median disincentive of $394,353 per hospital

Important Protections for Practices

The final rule includes key protections:

No Vendor-Attributed Penalties: You won’t be penalized for information blocking conduct caused by your EMR vendor. If your vendor’s system limitations prevent data exchange, you’re not liable - but the vendor faces penalties.

No Double Penalties: If you participate in multiple CMS programs (MIPS + ACO), you face only one penalty, not duplicate penalties across programs.

OIG Investigation Focus: OIG prioritizes investigating information blocking cases that:

Caused or had potential to cause patient harm
Significantly impacted other providers’ ability to deliver care
Occurred over extended time periods
Caused financial losses to federal programs or private entities

Enforcement Reality Check: September 2025 Crackdown

On September 3, 2025, HHS Secretary Robert F. Kennedy Jr. announced a major enforcement escalation, directing HHS to “increase resources dedicated to curbing information blocking” with a “zero tolerance” approach.

This announcement signals:

More aggressive enforcement of existing rules
Higher investigation volume from OIG
Faster penalties for confirmed violations
Broader scrutiny of both providers and health IT vendors

Bottom Line: Information blocking penalties are no longer theoretical. They’re being actively enforced with substantial financial consequences. Practices must ensure their EMR systems and internal policies comply with interoperability requirements.

FHIR, HL7, and API Standards: Demystifying the Technical Requirements

Let’s break down the technical standards your EMR must support, translated into plain English.

What is HL7?

Health Level Seven (HL7) is a set of international standards for transferring clinical and administrative data between software applications used by healthcare providers.

Think of HL7 as the grammar and vocabulary healthcare systems use to communicate. Just like English and Spanish have different rules for constructing sentences, healthcare systems need agreed-upon rules for organizing patient data so different systems can understand each other.

HL7 has evolved through multiple versions:

HL7 v2: Legacy messaging standard (still widely used but outdated)
HL7 v3: Complex standard that never gained widespread adoption
HL7 FHIR: Modern standard that’s now federally mandated

What is FHIR (Fast Healthcare Interoperability Resources)?

FHIR (pronounced “fire”) is the latest HL7 standard and represents a dramatic simplification of healthcare data exchange. The 21st Century Cures Act mandates that certified EMRs support FHIR Release 4.0.1 or higher as of 2025.

Why FHIR Matters for PT Practices:

It Uses Modern Web Technology: FHIR is built on the same RESTful API architecture that powers apps like Uber, Amazon, and banking apps you use daily. This makes it far easier for developers to create healthcare integrations.

It’s Modular: FHIR breaks down patient data into small, flexible building blocks called “Resources” - like Patient, Encounter, Observation, Medication, Procedure, etc. Systems can exchange just the specific resources needed rather than entire patient charts.

It Supports Real-Time Exchange: Unlike older standards that used batch file transfers, FHIR enables real-time queries. When a referring physician needs your patient’s latest progress note, their system can request it instantly through a FHIR API.

It Enables Patient-Facing Apps: FHIR + SMART on FHIR (discussed below) allows patients to use third-party apps to access their health data across multiple providers.

What Are APIs and Why They’re Required

API stands for Application Programming Interface. In healthcare, APIs are the “doorways” through which other systems can access patient data stored in your EMR.

The Cures Act mandates that certified EMRs provide:

Patient Access API: A standardized FHIR-based API that allows patients to access all their EHI through third-party apps of their choice, at no cost.

Example: A patient downloads a personal health record app (like Apple Health or a third-party PHR). The app connects to your EMR’s Patient Access API, authenticates the patient’s identity, and downloads their complete therapy records - evaluations, progress notes, treatment plans, outcome measures, billing information - in a structured format the app can display.

Provider Access API: A FHIR-based API that enables other healthcare providers to request patient data electronically when authorized.

Example: A patient’s primary care physician queries your EMR to retrieve recent PT notes to inform diabetes management and fall risk assessment. Your EMR responds with relevant therapy documentation through the Provider Access API.

SMART on FHIR: The Patient Authorization Layer

SMART (Substitutable Medical Applications, Reusable Technologies) on FHIR is a security framework that works on top of FHIR APIs to handle patient authorization.

It uses OAuth2, the same security standard that allows you to “Sign in with Google” or “Sign in with Facebook” on websites. This ensures:

Patients control which apps can access their data
Patients can revoke app access anytime
Apps can only access data the patient explicitly authorized
Strong authentication protects against unauthorized access

Why This Matters: SMART on FHIR prevents a security nightmare where patient health apps could access data without patient knowledge. It puts patients in control while maintaining HIPAA compliance.

USCDI: What Data Must Be Exchangeable

The United States Core Data for Interoperability (USCDI) defines the minimum set of data elements that must be available through APIs.

USCDI v3 became mandatory on December 31, 2025. This means certified EMRs must support APIs that provide access to at least these data classes:

Demographics:

Name, address, birthdate, phone, email
Sex, gender identity, sexual orientation
Race, ethnicity, preferred language

Clinical Notes:

Consultation notes, discharge summary notes, history & physical, imaging narratives
Therapy notes (PT, OT, speech)
Progress notes, procedure notes

Medications:

Current and historical medication lists
Medication allergies

Problems/Diagnoses:

Active problem lists
Encounter diagnoses
Health concerns

Procedures:

Procedure history
Physical therapy interventions and modalities

Vital Signs & Assessments:

Blood pressure, heart rate, height, weight, BMI
Physical therapy-specific measures: Range of motion, strength testing, functional assessments
Smoking status, alcohol use, substance use

Laboratory Results:

Lab values and reports

Immunizations:

Immunization history

Clinical Test Results:

Diagnostic imaging reports

Care Team Members:

Current care team
Ordering and referring providers

Health Insurance Information:

Coverage information
Subscriber and beneficiary details

Unique Device Identifiers:

Implantable devices

Goals and Preferences:

Patient health goals
Treatment preferences
Care experience preferences

USCDI v4 (optional as of 2025, will likely become mandatory by 2027-2028) adds 20 additional data elements including substance use assessments, treatment intervention preferences, and medication adherence.

What This Means for PT Practices: Your EMR must support APIs that provide structured access to at least USCDI v3 data elements relevant to your practice. This primarily includes demographics, clinical notes (therapy documentation), medications, diagnoses, procedures, vital signs/assessments, and care team information.

Small Practices vs Large Health Systems: Do Requirements Differ?

This is a critical question for small PT practices: are interoperability requirements the same for solo practitioners and multi-provider groups as they are for hospital systems?

The Short Answer: Requirements Are Based on EMR Certification, Not Practice Size

Interoperability requirements apply to certified health IT products, not directly to practices based on size. However, the practical implications differ.

If Your Practice Uses ONC-Certified EMR Technology:

Your EMR vendor must meet all interoperability requirements:

FHIR-based Patient Access APIs
FHIR-based Provider Access APIs
Support for USCDI v3 data elements
SMART on FHIR authorization
No information blocking practices

Whether you’re a solo practitioner or a 50-provider group, the EMR technology must meet the same standards.

If Your Practice Uses Non-Certified EMR Technology:

Some very small practices or specialty practices use simple practice management software that’s never been ONC-certified. These systems aren’t subject to the same technical API requirements because they were never certified in the first place.

However - and this is important - practices themselves are still subject to information blocking prohibitions regardless of EMR certification status.

You still cannot:

Refuse reasonable patient data requests
Charge excessive fees for data access
Deliberately impede data exchange with other providers
Contract with vendors that engage in information blocking

Practical Differences by Practice Size

Solo and Small Group Practices (1-5 Providers):

Advantages:

Smaller patient volume makes manual data exchange more feasible if EMR lacks full API capabilities
Less likely to be targeted for OIG information blocking investigations (though still possible)
May not participate in programs with information blocking penalties (if not in MIPS or ACOs)

Challenges:

Limited IT resources to evaluate EMR interoperability capabilities
Less negotiating power with EMR vendors
May be using older, non-compliant legacy systems
Often unaware of interoperability requirements until switching EMRs or facing patient complaints

What You Should Do:

Verify your EMR has ONC certification and supports required APIs
Establish clear policies for responding to patient data requests within 30 days
Document how you handle data exchange requests
Ensure you’re not locked into contracts that prevent data portability

Mid-Size Practices (6-20 Providers):

Advantages:

Enough resources to implement proper interoperability workflows
Can justify investing in modern, compliant EMR systems

Challenges:

More likely to participate in MIPS or ACOs, exposing you to information blocking penalties
Higher patient volumes make manual workarounds impractical
May have multiple locations requiring coordinated data exchange

What You Should Do:

Conduct formal interoperability assessment of current EMR
Request SOC2/ONC documentation from your EMR vendor
Implement structured policies for responding to data requests
Train staff on information blocking compliance
Consider participating in local Health Information Exchanges (HIEs)

Large Groups and Health Systems (20+ Providers):

Advantages:

Dedicated IT and compliance staff
Resources to implement sophisticated interoperability infrastructure
Negotiating power with EMR vendors

Challenges:

Higher visibility and scrutiny from regulators
More complex data exchange scenarios across multiple locations and specialties
Greater penalties if information blocking occurs at scale

What You Should Do:

Comprehensive interoperability strategy aligned with organizational goals
Dedicated compliance monitoring for information blocking
Regular audits of API performance and data exchange logs
Proactive participation in Health Information Exchanges
Patient education about data access rights

Medicare Participation Changes the Stakes

Whether information blocking penalties apply to your practice depends primarily on Medicare participation:

MIPS Participants: If you bill Medicare Part B and meet MIPS eligibility thresholds (typically $90,000+ in Medicare Part B billings or 200+ Medicare patients), information blocking violations result in zero Promoting Interoperability scores.

ACO Participants: If you’re part of a Medicare Shared Savings Program ACO, information blocking can remove you from the ACO.

Non-Medicare Practices: If you’re a cash-based PT practice or accept only commercial insurance (no Medicare), you face no direct CMS penalties for information blocking. However:

You’re still subject to federal information blocking prohibitions
Patients can file complaints with OIG
You may face civil lawsuits if patients can’t access their data
Commercial payers increasingly require interoperability

Bottom Line: Practice size matters less than Medicare participation status when assessing penalty risk. But all practices must comply with information blocking rules.

Real-World Benefits: Why Interoperability Helps PT Practices

Compliance talk can feel abstract. Let’s discuss concrete ways interoperability improves physical therapy practice operations and patient care.

Faster, Smoother Referrals

The Old Way: Orthopedic surgeon’s office faxes a PT referral. The fax is illegible, missing key information (surgical notes, imaging, precautions). Your front desk staff spends 20 minutes calling the surgeon’s office for clarification. The patient arrives for evaluation without necessary background information.

With Interoperability: Surgeon’s EHR electronically sends a structured referral containing patient demographics, diagnosis, surgical procedure details, post-operative protocol, precautions, expected outcomes, and insurance authorization - all automatically imported into your EMR before the patient’s first appointment. Your therapist reviews complete information in advance and begins treatment immediately with no delays.

Business Impact: Faster patient onboarding, reduced administrative burden, better clinical outcomes, stronger referral relationships with physicians who appreciate seamless collaboration.

Better Care Coordination and Outcomes

A 67-year-old patient with type 2 diabetes, obesity, and osteoarthritis sees:

Primary care physician managing diabetes and medications
Endocrinologist adjusting insulin regimen
You (physical therapist) treating knee OA and working on weight-bearing exercise progression

The Old Way: Each provider operates in a silo. The endocrinologist doesn’t know you’re pushing aggressive functional training. You don’t know the PCP recently prescribed a medication causing dizziness. The patient experiences a fall during gait training.

With Interoperability: You access the patient’s medication list showing the new prescription. You communicate with PCP through the EMR about fall risk. The endocrinologist sees your functional assessment data informing diabetes management goals. Care is coordinated, safer, and more effective.

Clinical Impact: Reduced medical errors, fewer adverse events, better patient outcomes, more efficient use of healthcare resources.

Patient Data Portability Builds Trust

Scenario: A patient moves across the state and needs to find a new PT practice near their new home.

The Old Way: The patient calls your office requesting records. Your staff prints 40 pages of documentation, scans it to PDF (or worse, faxes it), and emails it to the patient’s new provider. The new PT receives images of text documents that aren’t searchable or importable, requiring manual re-entry of patient history.

With Interoperability: The patient uses a personal health record app to download their complete therapy records as structured data from your Patient Access API. They authorize their new PT practice to access this data through the new practice’s EMR. The new provider imports the complete, structured history in seconds - assessments, outcome measures, treatment progressions, response to interventions - without any involvement from your staff.

Patient Experience Impact: Patients feel empowered and in control of their health data. They appreciate not having to navigate bureaucracy to access their own information. This builds trust and loyalty.

Automated Quality Reporting for MIPS

Physical therapists participating in MIPS must report quality measures. This traditionally required:

Manual chart review to identify eligible patients
Calculating measure performance rates
Entering data into MIPS submission portals

With Interoperability: Modern EMRs with FHIR APIs can automatically:

Identify patients meeting quality measure criteria
Extract relevant data elements (functional assessments, outcome measures, etc.)
Calculate performance rates
Submit data electronically to CMS

This transforms weeks of manual work into an automated background process.

Business Impact: Reduced administrative burden, higher quality reporting accuracy, better MIPS scores, increased Medicare payments.

Participation in Health Information Exchanges (HIEs)

Health Information Exchanges are regional or state networks that allow providers to query patient records across different healthcare organizations.

Example Use Case: A patient presents to your PT practice after a motor vehicle accident. They mention receiving emergency care at a nearby hospital but don’t remember details and didn’t bring discharge paperwork.

Through your EMR’s connection to the state HIE, you query the patient’s records and find:

Emergency department notes describing injuries
Imaging reports (X-rays, CT scans)
Medications prescribed
Referral orders for physical therapy
Follow-up instructions

This information shapes your initial evaluation and treatment plan without waiting for faxed records.

Clinical Impact: More informed clinical decision-making, reduced redundant imaging/testing, better patient safety.

Common Interoperability Challenges PT Practices Face

Despite federal mandates, 84% of PT and rehabilitation organizations still cite interoperability as a major barrier. Here’s why implementation remains difficult.

Challenge #1: Legacy EMR Systems Can’t Comply

Many physical therapy practices use EMR systems developed 10-15 years ago, often desktop-based software that was never designed for modern interoperability standards.

Common Problems with Legacy Systems:

No FHIR API support (may have older HL7 v2 interfaces at best)
Cannot support USCDI v3 data elements
Don’t offer patient-facing APIs for third-party apps
Lack SMART on FHIR authorization capabilities
Aren’t ONC-certified for current requirements

Desktop-based EMRs (installed on local computers rather than cloud-based) face particular challenges because:

They can’t easily expose APIs accessible over the internet
They require VPN access for external data exchange
They lack infrastructure for real-time data queries

What This Means: If your practice uses a legacy system, you face a decision:

Upgrade to a newer version (if your vendor offers ONC-certified versions)
Migrate to a different EMR that meets current interoperability requirements
Accept limited interoperability and potential information blocking risks

Challenge #2: Data Format Inconsistencies

Even when systems can exchange data, they often structure information differently.

Example: One EMR stores range of motion as:

“Knee flexion: 110 degrees”

Another stores it as:

Joint: Knee
Movement: Flexion
Measurement: 110
Unit: Degrees
Side: Left

A third stores it as free-text:

“Left knee flexion measured at 110°”

When these systems try to exchange data, information may not map correctly, leading to:

Loss of structured data (everything becomes unstructured text)
Misinterpretation of values
Inability to use data for quality reporting or analytics

Why This Happens: FHIR provides standards for exchanging data, but doesn’t dictate exactly how every possible clinical measurement must be coded. Different EMR vendors make different design choices.

Challenge #3: API Access Costs and Restrictions

While the Cures Act prohibits charging patients for data access, some EMR vendors impose restrictions that create practical barriers:

Per-Query API Fees: Some vendors charge per API call or limit free API queries to a certain volume. High-volume data requests may trigger fees.

Developer Restrictions: Vendors may require third-party app developers to complete complex certification processes, limiting which apps can connect to patient data.

Performance Throttling: Some vendors impose rate limits that make real-time data exchange impractically slow.

Documentation Barriers: Poor API documentation makes it difficult for developers to build integrations.

These restrictions may constitute information blocking if they’re unreasonable and lack a valid exception. However, proving “unreasonable” requires regulatory complaints and investigations.

Challenge #4: Incomplete Data Migration History

When you switch from one EMR to another, interoperability standards help - but migration remains complex.

Common Issues:

Historical notes from previous EMR exist only as PDF attachments, not structured data
Custom fields and templates from old EMR don’t have equivalents in new system
Outcome measure scores stored in proprietary formats don’t map to new system
Attachments (images, scanned documents) may exceed size limits for API transfer

Learn more about managing EMR migrations in our complete EMR switching guide.

Challenge #5: Staff Training and Workflow Changes

Implementing interoperability features requires staff to learn new workflows:

How to respond to patient API access requests
How to query Health Information Exchange (HIE) systems
How to review and incorporate external data received electronically
How to document in structured formats that support data exchange

Busy practices often lack time for comprehensive training, leading to underutilization of interoperability features even when technically available.

Challenge #6: Security and Privacy Concerns

Opening APIs for data exchange creates potential security risks:

Unauthorized access if authentication is weak
Third-party apps storing patient data insecurely
Patients inadvertently granting access to malicious apps

Practices must balance interoperability requirements with HIPAA security obligations. This requires:

Robust authentication (multi-factor authentication)
Clear patient education about third-party app risks
Regular security audits of API access logs
Business Associate Agreements with HIE vendors

Read our comprehensive guide to EMR security and HIPAA compliance.

How to Evaluate Your EMR’s Interoperability Capabilities

If you’re uncertain whether your current EMR meets 2025 interoperability requirements, use this evaluation framework.

Step 1: Verify ONC Certification Status

Check whether your EMR has current ONC (Office of the National Coordinator) Health IT Certification.

Where to Look:

Visit the ONC Certified Health IT Product List (CHPL)
Search for your EMR product by vendor name or product name
Verify the certification is current (not expired) and covers the “2015 Edition Cures Update” criteria

What to Check:

Certification date (should be recent)
Certification edition (should be “2015 Edition Cures Update”)
Specific criteria certified (should include FHIR API requirements)

Red Flag: If your EMR doesn’t appear on the CHPL, it’s not ONC-certified and definitely doesn’t meet interoperability requirements. You’ll need to switch EMRs if you participate in MIPS or other programs requiring certified technology.

Step 2: Request API Documentation from Your Vendor

Contact your EMR vendor and ask for:

FHIR API documentation: Technical specifications for Patient Access API and Provider Access API
SMART on FHIR implementation details: How patient authorization works
USCDI compliance documentation: Which USCDI data elements are supported
API rate limits and restrictions: Any limitations on API usage
Patient portal capabilities: How patients access their data electronically

Good Signs:

Vendor promptly provides comprehensive documentation
Documentation is clear and references standard FHIR resources
Vendor offers developer sandbox for testing API integrations
Patient portal includes option to connect third-party apps

Red Flags:

Vendor can’t provide API documentation
Vendor says APIs are “coming soon” (for years)
Documentation describes only HL7 v2 interfaces (outdated standard)
Vendor claims proprietary formats are “just as good as FHIR”
No patient-facing API exists

Step 3: Test Patient Data Export

Conduct a real-world test of data portability:

Log into your EMR’s patient portal (or have a test patient do so)
Attempt to download a complete patient record in structured format
Try connecting a third-party personal health record app (like Apple Health) to your patient portal

What Should Happen:

Patient can easily request and receive complete health records
Data is provided in structured format (C-CDA or FHIR JSON), not just PDF
Third-party apps can connect through SMART on FHIR authorization
Data is available at no cost to the patient
Export includes all USCDI data elements relevant to your practice

Red Flags:

No patient portal exists
Portal only provides PDFs of visit summaries, not complete records
No option to export structured data
No option to connect third-party apps
Export requires contacting your office (not self-service)

Step 4: Review Your Contracts and Policies

Examine your EMR vendor contract for information blocking red flags:

Prohibited Contract Terms:

Clauses preventing you from exporting data if you switch EMRs
Requirements to pay excessive fees for data migration assistance
Restrictions on using APIs for legitimate data exchange
Prohibitions on connecting to competing systems or HIEs

What You Should Have:

Clear data ownership language (you own your data)
Documented data export process for switching vendors
Reasonable data export fees (if any)
No restrictions on patient data access through third-party apps

Review your internal practice policies:

Do you have written procedures for responding to patient data requests?
Are staff trained on responding within required timeframes?
Do you document data access requests and responses?
Have you designated a staff member responsible for interoperability compliance?

Step 5: Assess Actual Interoperability Usage

Technical capability means nothing if features aren’t actually used. Evaluate:

Are You Receiving Electronic Referrals?

From which referring providers?
Through what mechanism (direct EMR integration, HIE, other)?
What percentage of referrals come electronically vs. fax?

Are You Sending Electronic Progress Updates?

Do referring providers receive your PT notes automatically?
Or do you still fax/mail progress reports?

Are Patients Using Data Access Features?

How many patients have accessed your patient portal in the past year?
How many have downloaded their health records?
Have any patients connected third-party apps?

Are You Connected to Health Information Exchanges?

Does your practice participate in state/regional HIEs?
Have you queried patient records from other providers through an HIE?
Do you make your records available through HIEs?

Low utilization often indicates:

Features exist but aren’t user-friendly
Staff lack training on how to use interoperability tools
Referring providers don’t know you can exchange data electronically
Patients aren’t aware of data access options

Questions to Ask EMR Vendors About Interoperability

If you’re evaluating new EMR systems or questioning your current vendor, ask these specific questions:

ONC Certification and Compliance

Is your EMR ONC-certified under the “2015 Edition Cures Update” criteria? (Request proof via CHPL listing)
Do you support FHIR Release 4.0.1 or higher for Patient Access and Provider Access APIs?
Which USCDI version do you support? (Should be v3 minimum as of December 2025)
When will you support USCDI v4?

API Functionality

Can patients access their data through third-party apps using SMART on FHIR authorization?
What FHIR resources (data types) do your APIs support? (Should include Patient, Encounter, Condition, Procedure, Observation, DocumentReference at minimum)
Are there rate limits, query restrictions, or fees for API access?
How do you handle bulk data export requests from patients?

Data Portability

If we decide to switch to a different EMR, what’s the data export process?
What formats can you export data in? (Should include C-CDA, FHIR JSON, and/or CSV)
Are there fees for data export or migration assistance? (Reasonable fees are acceptable; excessive fees may constitute information blocking)
Will you assist with data migration to our new vendor?

Health Information Exchange

Do you integrate with Health Information Exchanges (HIEs)? Which ones?
Can we query patient records from other providers through your EMR?
Do you support Carequality or CommonWell for nationwide interoperability? (Two major national interoperability frameworks)

Security and Compliance

How do you ensure API access is secure and HIPAA-compliant?
What authentication methods do you support? (Should include multi-factor authentication)
How are patient authorization and consent managed for third-party app access?
Do you maintain audit logs of all API access?

Information Blocking Policies

Do you have a documented policy against information blocking?
Has your company ever been investigated or penalized for information blocking?
How do you ensure your contract terms don’t constitute information blocking?

How Vendors Should Respond:

Good answers are specific: “Yes, we’re ONC-certified under 2015 Edition Cures Update criteria, certificate #1234567, supporting FHIR R4.0.1 with USCDI v3. Here’s our CHPL listing and API documentation.”

Bad answers are vague: “We take interoperability seriously and comply with all regulations.”

Red flag answers: “Those regulations don’t apply to PT practices,” or “We’re working on FHIR APIs but they’re not available yet.”

Timeline for Compliance and Enforcement

Understanding enforcement timelines helps you prioritize compliance efforts.

What’s Already in Effect (2025)

April 5, 2021: Information blocking provisions took effect. Practices and vendors were prohibited from information blocking (though enforcement was limited initially).

December 31, 2022: Mandatory support for USCDI v1 and FHIR-based APIs for patient access.

December 31, 2023: Deadline for EHR developers to implement functionality for patients to request and receive complete electronic copies of their EHI.

January 1, 2024: USCDI v2 became required minimum standard.

July 31, 2024: CMS information blocking penalties took effect for healthcare providers. OIG began investigating providers.

December 31, 2025: USCDI v3 becomes mandatory. USCDI v1 no longer accepted for certification maintenance.

2025 (ongoing): HHS enforcement escalation announced September 2025 with increased OIG resources dedicated to information blocking investigations.

What’s Coming Next (2026-2028)

January 1, 2026: USCDI v3 fully replaces earlier versions; EMRs must be certified for v3 to maintain certification.

2026 (estimated): USCDI v4 may become required for new certifications (not yet finalized).

2027-2028: Additional HTI-2 (Health Data, Technology, and Interoperability) proposed rule requirements may take effect, potentially including:

More stringent API performance standards
Support for additional FHIR resources
Enhanced decision support transparency
Predictive algorithm documentation requirements

Enforcement Intensity Is Increasing

Early years (2021-2023) saw limited enforcement as regulators focused on education and allowing implementation time.

Current phase (2024-2025) marks aggressive enforcement:

OIG is actively investigating complaints
CMS penalties are being assessed
Information blocking is a HHS priority

Expect continuing escalation with:

Higher investigation volumes
More public information blocking determinations
Increased penalties
Broader scrutiny of vendor practices

Bottom Line: Compliance isn’t something to defer. Practices using non-compliant systems should prioritize migration before enforcement reaches them.

Cost Implications: Upgrading vs. Staying Non-Compliant

Let’s analyze the financial realities of compliance.

Costs of Staying with Non-Compliant Systems

Information Blocking Penalties:

MIPS Promoting Interoperability zero score = up to -9% Medicare Part B payment adjustment
For a practice generating $300,000 in annual Medicare Part B revenue, that’s a $27,000 annual penalty
Penalties apply year after year until compliance is achieved

Lost ACO Revenue:

Removal from ACO participation eliminates shared savings payments
ACOs typically generate 15-30% additional revenue on Medicare patients
For practices heavily invested in ACO participation, this can represent $50,000-$150,000+ in lost annual revenue

Competitive Disadvantage:

Referring physicians increasingly prefer PT practices with electronic data exchange
Practices that require fax-based referrals create friction that steers referrals to competitors
Estimated impact: 5-10% referral volume decline over 2-3 years

Patient Dissatisfaction:

Patients expect digital health data access
Practices making data access difficult lose patients to competitors
Hard to quantify but real impact on patient retention

Staff Inefficiency:

Manual workarounds for data exchange consume staff time
Estimated 2-4 hours per week per provider spent on manual data requests, faxing, phone calls
At $25/hour staff time, that’s $2,600-$5,200 annual waste per provider

Total Annual Cost of Non-Compliance (5-provider practice):

MIPS penalties: $27,000
Staff inefficiency: $13,000-$26,000
Competitive referral loss: Hard to quantify, but material
Total: $40,000-$53,000+ annually, plus reputational damage

Costs of Upgrading to Compliant Systems

EMR Migration Costs:

Implementation/migration fees: $15,000-$70,000 for small practices (often waived by modern vendors)
Staff training time: 20-40 hours per provider
Productivity dip during transition: 20-30% for 2-3 months

Ongoing Software Costs:

Modern cloud-based EMRs: $79-$150 per provider per month
For 5-provider practice: $4,740-$9,000 annual software cost

Interoperability-Specific Costs:

HIE participation fees: $1,000-$10,000 per year (optional)
Additional integrations: Variable

Total First-Year Upgrade Cost (5-provider practice):

Software subscription: $4,740-$9,000
Migration/implementation: $0-$70,000 (varies widely; many vendors now waive these)
Training time: Internal cost
Total: $5,000-$80,000 depending on vendor and migration complexity

However, many modern EMR vendors (including Proactive Chart) offer:

No implementation fees
Free data migration assistance
Included training
No long-term contracts

This reduces first-year costs to just the annual software subscription ($4,740-$9,000 for 5 providers), making compliance highly affordable.

Return on Investment: Compliance Pays for Itself

Year 1:

Avoid MIPS penalties: +$27,000
Reduce staff inefficiency: +$13,000-$26,000
Software cost: -$5,000-$9,000
Net benefit: $31,000-$48,000

Year 2+:

Continuing penalty avoidance and efficiency gains
Better referral relationships may increase patient volume 5-10%
Improved patient satisfaction and retention
Automated quality reporting

Payback Period: Immediate to 3 months in most scenarios.

Bottom Line: Staying with non-compliant systems is dramatically more expensive than upgrading. Compliance is an investment that quickly pays for itself through penalty avoidance and operational efficiency.

How Proactive Chart Ensures Interoperability Compliance

At Proactive Chart, interoperability isn’t an afterthought or add-on feature - it’s built into our platform from the ground up.

Full ONC Certification: Proactive Chart is certified under the ONC Health IT Certification Program for 2015 Edition Cures Update criteria, including all required interoperability specifications. View our CHPL listing for complete certification details.

FHIR R4 APIs with USCDI v3 Support: We provide fully compliant FHIR Release 4.0.1 APIs supporting both Patient Access and Provider Access use cases. All USCDI v3 data elements relevant to physical therapy practices are available through our APIs, including:

Complete therapy documentation (evaluations, progress notes, discharge summaries)
Patient demographics and insurance information
Diagnoses and problem lists
Procedures and interventions
Functional assessments and outcome measures
Care team information
Medications and allergies

SMART on FHIR Patient Authorization: Patients can connect third-party health apps (personal health records, Apple Health, fitness apps) to their Proactive Chart patient portal through standardized SMART on FHIR authorization. Patients control which apps can access their data and can revoke access anytime.

Zero Information Blocking: Our company policy and contracts explicitly prohibit information blocking practices:

Patients can access and export complete records at no cost anytime
No contractual restrictions on switching to other EMRs
Full data export in multiple formats (FHIR JSON, C-CDA, CSV, PDF) available on request
We never hold your data hostage

Learn more about our data portability commitment and how easy it is to export your data.

Health Information Exchange (HIE) Integration: Proactive Chart connects to major Health Information Exchanges, enabling:

Query patient records from other providers and hospitals
Share your PT documentation with referring physicians electronically
Participate in regional care coordination networks

Transparent Pricing with No Hidden Fees: Unlike modular pricing where APIs and interoperability features cost extra, Proactive Chart includes full interoperability capabilities in our base subscription:

All features included for $79-$99/month per provider
No implementation fees
No API access fees
No per-transaction charges for data exchange
No surprise charges for USCDI updates

Migration Assistance for Practices Switching from Non-Compliant EMRs: We understand many practices need to migrate from legacy systems that can’t meet interoperability requirements. Our team provides:

Free data migration consultation
Assistance working with your old vendor to extract data
Field mapping and data transformation
Testing to ensure no data loss
Training on using interoperability features

Security and HIPAA Compliance: Interoperability doesn’t compromise security. Proactive Chart maintains:

SOC2 Type II certification with annual third-party audits
HIPAA-compliant infrastructure with encrypted data transmission and storage
Multi-factor authentication for all user accounts
Comprehensive audit logging of all data access
Business Associate Agreements with all customers

Read our complete security overview.

Proactive USCDI Updates: As USCDI evolves (v4, v5, etc.), we proactively update our systems to support new data elements before they become mandatory. You never pay extra for compliance updates.

No-Risk Trial: Try Proactive Chart’s full interoperability features during a free trial. Test API functionality, patient data export, and HIE connectivity before committing.

Your EMR Interoperability Action Plan

Here’s your step-by-step roadmap to ensuring compliance:

This Week: Assess Your Current Situation

Verify whether your EMR is ONC-certified by checking the CHPL database
Review your EMR vendor contract for information blocking red flags
Test patient data export from your patient portal (if you have one)
Check whether your practice participates in programs with information blocking penalties (MIPS, ACOs)

This Month: Document Compliance Gaps

Request API documentation and USCDI compliance information from your EMR vendor
Contact your vendor about their interoperability roadmap if current capabilities are inadequate
Review your internal policies for responding to patient data requests
Train staff on information blocking compliance basics
Calculate your financial risk from non-compliance (MIPS penalties, lost revenue, etc.)

This Quarter: Create Your Compliance Strategy

If your EMR meets requirements:

Implement workflows to actually use interoperability features
Consider joining local Health Information Exchanges
Educate referring physicians about electronic data exchange capabilities
Promote patient portal and data access features to patients

If your EMR doesn’t meet requirements:

Request timeline from vendor for achieving compliance (if they’re working on it)
Begin evaluating compliant alternative EMR systems
Calculate total cost of ownership for staying vs. switching
Request demos from 2-3 alternative vendors

Within Six Months: Execute Your Plan

If switching EMRs:

Select new EMR vendor with proven interoperability compliance
Review our complete EMR switching guide for migration best practices
Request data export from current vendor
Schedule migration with minimal practice disruption
Train staff on new system with emphasis on interoperability features

If staying with current EMR:

Ensure vendor delivers promised interoperability updates
Implement documented processes for data access requests
Monitor OIG enforcement activity and adjust strategy if needed

Ongoing: Maintain Compliance

Conduct quarterly reviews of interoperability feature usage
Monitor regulatory changes (USCDI updates, new ONC requirements)
Document all patient data requests and responses for compliance audits
Review EMR vendor updates and feature releases
Assess whether HIE participation would benefit your practice

Key Point: Interoperability compliance isn’t a one-time project. It’s an ongoing commitment that requires attention to evolving standards and enforcement priorities.

Conclusion: Interoperability as Competitive Advantage

EMR interoperability started as a regulatory burden - another compliance checkbox for overwhelmed practice managers. But forward-thinking physical therapy practices are discovering interoperability creates genuine competitive advantages:

Stronger Referral Relationships: When referring physicians can exchange data seamlessly with your practice, you become their preferred PT partner. Orthopedic surgeons, sports medicine doctors, and primary care providers increasingly steer referrals to PT practices that eliminate friction through electronic data exchange.

Better Patient Experience: Patients notice when accessing their own health data is easy vs. bureaucratic. Practices offering modern patient portals with instant data access build trust and loyalty in an era where patients expect digital health experiences comparable to banking and shopping.

Operational Efficiency: Electronic data exchange eliminates hours of faxing, phone calls, and manual data entry. Your staff focuses on patient care instead of administrative busywork.

Higher Quality Outcomes: Coordinated care enabled by data sharing leads to better clinical outcomes. When you can review a patient’s complete medication list, recent lab work, and other providers’ notes before evaluation, you deliver more informed, safer care.

Compliance and Revenue Protection: Avoiding MIPS penalties and ACO exclusion protects revenue while demonstrating commitment to quality care.

Future-Proofing Your Practice: Healthcare is moving toward value-based care, population health, and data-driven quality measurement. Practices with strong interoperability capabilities position themselves to thrive as payment models evolve.

The choice is clear: Embrace interoperability as a strategic asset, or risk falling behind competitors who recognize data exchange as fundamental to modern physical therapy practice.

Is your EMR ready for 2025 interoperability requirements? Schedule a consultation with Proactive Chart to review your current compliance status. We’ll assess your interoperability gaps, explain migration options, and demonstrate how our fully compliant platform eliminates information blocking risks while improving practice efficiency.

Your practice deserves an EMR built for the interconnected future of healthcare - not trapped in the fragmented past.

Ready to switch to an interoperability-compliant EMR? Learn how easy it is to migrate from legacy systems or compare Proactive Chart to other PT EMR options.

Need to evaluate your current EMR’s security alongside interoperability? Read our complete guide to EMR data security and SOC2/HIPAA certification.

Solo practitioner concerned about compliance costs? See how small practices can afford compliant EMR systems.