Stay in the Know With ACC's Information Blocking Portal

Quick Links: About Information Blocking | Exceptions | Interoperability and Information Blocking Regulatory Updates From the HTI-1 Final Rule | Key Dates | ONC Releases HTI-2 Proposed Rule | How to Submit an Information Blocking Claim? | Information Blocking Compliance FAQs | Disincentives For Health Care Providers That Have Committed Information Blocking | Additional Resources and Tools

About Information Blocking

What Is Information Blocking?

According to the Office of the National Coordinator for Health IT (ONC), information blocking is a practice by an "actor" that is likely to interfere with the access, exchange or use of electronic health information (EHI), except as required by law or specified in an information blocking exception. The 21st Century Cures Act applied the law to health care providers, health information technology (IT) developers of certified health IT, and health information exchanges (HIEs)/health information networks (HINs).

This legislation also established two different "knowledge" standards for actors' practices within the statute's definition of "information blocking." For health IT developers of certified health IT as well as HIEs/HINs, the law applies the standard of whether they know or should know that a practice is likely to interfere with the access, exchange or use of EHI. For health care providers, the law applies the standard of whether they know that the practice is unreasonable and is likely to interfere with the access, exchange or use of EHI.

Exceptions

The ONC has created eight exceptions that outline activities that do not constitute information blocking by actors. These exceptions include:

  • Exceptions that involve not fulfilling requests to access, exchange or use EHI
    • Preventing Harm Exception
    • Privacy Exception
    • Security Exception
    • Infeasibility Exception
    • Health IT Performance Exception
  • Exceptions that involve procedures for fulfilling requests to access, exchange or use EHI
    • Content and Manner Exception
    • Fees Exception
    • Licensing Exception

View the ONC Information Blocking Exceptions Fact Sheet for more information about each available exception.

Interoperability and Information Blocking Regulatory Updates From the HTI-1 Final Rule

The ONC issued its final rule addressing Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing (HTI-1) in late 2023, which continues to implement provisions of the 21st Century Cures Act and makes updates to the ONC Health IT Certification Program (Certification Program) with new and updated standards, implementation specifications and certification criteria.

The rule includes "first of its kind" transparency requirements for artificial intelligence and other predictive algorithms that are part of certified health IT. It also adopts the United States Core Data for Interoperability (USCDI) Version 3 as the new baseline standard within the ONC Health IT Certification Program (Certification Program) as of Jan. 1, 2026; revises certain information blocking definitions and exceptions to support information sharing; and implements the 21st Century Cures Act's requirement to adopt a Condition of Certification for developers of certified health IT to report certain metrics as part of their participation in the Certification Program.

Key Dates

  • Dec. 31, 2024: Health IT developers must update clinical decision support to meet new decision support intervention criterion and certified application program interface developers must publish Fast Healthcare Interoperability Resource endpoints.
  • Dec. 31, 2025: Health IT developers must update and provide health IT systems to customers that conform to new standards.
  • Jan. 1, 2026-2029: Health IT developers collect data for Insight Conditions Measures.

Visit the ONC website to learn more details from the HTI-1 Final Rule, including definitions and timeline.

ONC Releases HTI-2 Proposed Rule

The ONC released the Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability (HTI-2) proposed rule on July 10, 2023, building on the HTI-1 final rule released in 2023 and additional information blocking rules released by the Centers for Medicare and Medicaid Services and ONC in 2021.

Key provisions from the proposed rule include:

  • New certification criteria for electronic health records (EHRs) designed to improve interoperability for health IT systems used by public health systems and payers.
  • Updates to technology and standards for certified EHRs ranging from the capability to exchange clinical images (e.g., X-Rays) to the addition of multi-factor authentication support.
  • Expansion of the USCDI data set.
  • Updates to the Privacy, Infeasibility, and Requestor Preference Information Blocking Exceptions, and the creation of a new Protecting Care Access Exception.
  • Alignment with EHR requirements and CMS Electronic Prior Authorization requirements.
  • Revisions to electronic prescribing certification criterion to include real-time prescription benefit tools.

Access more information on the HTI-2 proposed rule on the ONC website.

How to Submit an Information Blocking Claim?

The ONC has authority to review claims of possible information blocking against health IT developers of certified health IT that may constitute a non-conformity under the ONC Health IT Certification Program. Separately, the U.S. Department of Health and Human Services' Office of the Inspector General has authority to investigate claims of possible information blocking across all types of actors, including health care providers, HINs and HIEs, and health IT developers of certified health IT.

Access the ONC's Health IT Feedback and Inquiry Portal to report an Information Blocking claim.

Information Blocking Compliance FAQs

EHI actors are required to comply with information blocking provisions unless they can claim an available exception.

Three categories of "actors" are regulated by the information blocking section of the ONC 21st Century Cures Act Final Rule: Health Care Provider, Health Information Network or Health Information Exchange; and Health IT Developer of Certified Health IT. Get additional clarification here.

There are eight types of exceptions: Preventing Harm; Privacy; Security; Infeasibility; Health IT Performance; Content and Manner; Fees; and Licensing. Read through key criteria of each exception here.

The information blocking regulations do not require the use of any specific standard or functionality to fulfill information sharing requests. Before October 6, 2022, an actor may fulfill a request with the EHI identified by the data elements represented in the USCDI standard, first in the manner requested and, if not, in an alternate manner agreed upon with the requestor, following the order of priority specified in the exception.

No. Actors subject to the information blocking regulations, such as clinicians, are not required to immediately upgrade their certified health IT if they also happen to participate in a separate regulatory program that requires the use of certified health IT, such as the Center for Medicare and Medicaid Services' Promoting Interoperability Programs.

There is no requirement under the information blocking regulations to proactively make available any EHI to patients or others who have not requested the EHI. However, any unnecessary delays or other unnecessary impediments in the release or availability of EHI in response to a request for legally permissible access, exchange, or use of EHI could implicate the information blocking provisions and result in violations.

Enforcement of the information blocking regulations depends upon the type of actor that is subject of an enforcement action. For health IT developers and health information networks/HIEs, the Department of Health and Human Services (HHS) Office of the Inspector General finalized a rule establishing enforcement of information blocking penalties starting September 1, 2023. OIG will not impose a penalty on any information blocking conduct that occurred before September 1, 2021.

For health care providers, a set of disincentives proposed by HHS in October 2023 were finalized on June 24. More details on provider disincentives can be found below and on the ONC website.

Disincentives For Health Care Providers That Have Committed Information Blocking

Under the 21st Century Cures Act, health care providers determined by the HHS Inspector General to have committed information blocking are referred to CMS for the application of a disincentive determined by the rulemaking process. These disincentives include:

  • Hospitals or critical access hospitals (CAHs) found to have committed information blocking will not be a meaningful electronic health record (EHR) user during the calendar year and the eligible hospital will not be able to earn three quarters of the annual market basket increase they would have been able to earn for successful program participation; for CAHs, payment will be reduced to 100% of reasonable costs instead of 101%.
  • Merit-based Incentive Payment System (MIPS)-eligible clinician (including a group practice) who has committed information blocking will not be a meaningful EHR user and they will receive a zero score in the MIPS Promoting Interoperability performance category.
  • Under the Medicare Shared Savings Program, a health care provider that is an Accountable Care Organization (ACO), ACO participant, or ACO provider or supplier who has committed information blocking may be ineligible to participate in the program for a period of at least one year.

Additional information on the application of disincentives for providers that have committed information blocking include:

Additional Resources and Tools

The ACC recommends the following resources from the American Medical Association (AMA), ONC and Centers for Medicare and Medicaid Services (CMS):

Stay tuned via the ACC Advocate newsletter and @Cardiology on X (formerly Twitter) for ongoing updates and tools your practice can use for education and compliance.