The Department of Health and Human Services announced on Wednesday that it is cracking down on providers and other entities that engage in information blocking practices that limit easy access to patients’ electronic health record data.
“Today’s announcement is a warning to actors still engaging in information blocking to come into compliance with the rules governing the flow of patient information and a call to action for patients, providers, payers, local health departments, and health IT companies to report alleged information blocking,” the department said.
HHS plans to take “an active enforcement stance” against health care entities involved in data blocking, with agency components working together to penalize those found to be in violation of current law.
The 21st Century Cures Act, signed into law by President Barack Obama in December 2016, required that EHR-stored patient data be “accessed, exchanged and used without special effort through the use of application programming interfaces.”
The law prohibited information blocking and empowered the HHS Office of Inspector General to review whether entities engaged in the illegal activity. There are eight specific exceptions to this requirement.
The agency said its Office of the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health IT — or ASTP/ONC — will lead enforcement efforts with the HHS OIG.
“Patients must have unfettered access to their health information as guaranteed by law. Providers and certain health IT entities have a legal duty to ensure that information flows where and when it’s needed,” acting HHS Inspector General Juliet Hodgkins said in a statement. “HHS-OIG will deploy all available authorities to investigate and hold violators accountable. We are committed to enforcing the law and protecting patients’ access to health information.”
In a separate enforcement alert released on Thursday, HHS said OIG could impose civil monetary penalties of up to $1 million per violation on entities, such as health IT providers and health information networks and exchanges, found to be engaged in information blocking.
“OIG will prioritize enforcement where practices cause patient harm, significantly impact or impair a provider’s ability to deliver patient care, are of long duration, or cause financial loss to Federal health care programs or other Government or private entities,” the alert said.
In addition, the agency said ASTP/ONC “can ban a developer of certified health IT that information blocks from the ONC Health IT Certification Program and may also terminate the certification of health IT involved in information blocking.”
Although HHS’ announcement said “information blocking was not a priority under the Biden Administration,” Micky Tripathi — then-ASTP/ONC head and the agency’s acting chief artificial intelligence officer — wrote in an October 2024 blog post that the department was taking a series of steps to crack down on bad actors.
He said this included implementing “a more rigorous review process for API documentation,” enhancing engagement with developers, offering new education resources and improving feedback channels so patients and providers can information blocking issues.
Between April 5, 2021 and September 30, 2024, Tripathi said HHS received 1,095 information blocking claims through its submissions portal, with the majority of these claims filed by patients.
“What is abundantly clear is that it is behavior, rather than technology, that is far and away the biggest impediment to progress,” he wrote at the time.
