Information Blocking
What Is Information Blocking?
According to the Office of the National Coordinator for Health IT (ONC), information blocking is a practice by an "actor" that is likely to interfere with the access, exchange or use of electronic health information (EHI), except as required by law or specified in an information blocking exception. The 21st Century Cures Act applied the law to health care providers, health information technology (IT) developers of certified health IT, and health information exchanges (HIEs)/health information networks (HINs).
This legislation also established two different "knowledge" standards for actors' practices within the statute's definition of "information blocking." For health IT developers of certified health IT as well as HIEs/HINs, the law applies the standard of whether they know or should know that a practice is likely to interfere with the access, exchange or use of EHI. For health care providers, the law applies the standard of whether they know that the practice is unreasonable and is likely to interfere with the access, exchange or use of EHI.
Exceptions
The ONC has created eight exceptions that outline activities that do not constitute information blocking by actors. These exceptions include:
- Exceptions that involve not fulfilling requests to access, exchange or use EHI
- Preventing Harm Exception
- Privacy Exception
- Security Exception
- Infeasibility Exception
- Health IT Performance Exception
- Exceptions that involve procedures for fulfilling requests to access, exchange or use EHI
- Content and Manner Exception
- Fees Exception
- Licensing Exception
View the ONC Information Blocking Exceptions Fact Sheet for more information about each available exception.
Information Blocking Enforcement Alert
In September 2025, The Office of Inspector General (OIG) and the Office of the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (ASTP/ONC) issued an enforcement alert to signal their intensified enforcement activity, dedicate additional resources, and take decisive action to detect and end information blocking.
Consequences for Information Blockers
Individuals and entities found to have engaged in information blocking may face several types of enforcement actions:
OIG may impose CMPs of up to $1 million per violation against:
- Health IT developers of certified health IT,
- Entities offering certified health IT,
- Health information exchanges (HIEs), and
- Health information networks (HINs).
OIG will prioritize enforcement where practices cause patient harm, significantly impact or impair a provider's ability to deliver patient care, are of long duration, or cause financial loss to Federal health care programs or other Government or private entities. Additional information about OIG's investigative process and OIG enforcement priorities may be found on OIG's information blocking page.
ASTP/ONC Certification Program Ban and/or Termination of Certification
ASTP/ONC can ban a developer of certified health IT that information blocks from the ONC Health IT Certification Program and may also terminate the certification of health IT involved in information blocking. ASTP/ONC intends to investigate and take swift action where warranted. Additional information can be found on ASTP/ONC's information blocking page.
CMS Health Care Provider Disincentives
Under the Cures Act, OIG may investigate and refer providers that engage in information blocking to the Department, which may impose appropriate disincentives. CMS has established specific disincentives that it may apply to the following providers:
- Eligible hospitals and critical access hospitals participating in the Medicare Promoting Interoperability Program;
- Merit-based Incentive Payment System eligible clinicians (including a group practice); and
- A Medicare Shared Savings Program accountable care organization (ACO), ACO participants, and ACO providers/suppliers.
Additional information on the application of disincentives for providers that have committed information blocking include:
Information Blocking Compliance FAQs
When do EHI Actors Need to Comply?
EHI actors are required to comply with information blocking provisions unless they can claim an available exception.
Who Is Considered an Actor?
Three categories of "actors" are regulated by the information blocking section of the ONC 21st Century Cures Act Final Rule: Health Care Provider, Health Information Network or Health Information Exchange; and Health IT Developer of Certified Health IT.
What Type of Requests Are Excepted?
There are eight types of exceptions: Preventing Harm; Privacy; Security; Infeasibility; Health IT Performance; Content and Manner; Fees; and Licensing.
What Specific Standard or Functionality Is Required to Fulfill Information Sharing Requests?
The information blocking regulations do not require the use of any specific standard or functionality to fulfill information sharing requests. Before October 6, 2022, an actor may fulfill a request with the EHI identified by the data elements represented in the USCDI standard, first in the manner requested and, if not, in an alternate manner agreed upon with the requestor, following the order of priority specified in the exception.
Are Actors Required to Have or Use Health IT Certified Under the ONC Health IT Certification Program?
No. Actors subject to the information blocking regulations, such as clinicians, are not required to immediately upgrade their certified health IT if they also happen to participate in a separate regulatory program that requires the use of certified health IT, such as the Center for Medicare and Medicaid Services' Promoting Interoperability Programs.
Does EHI Need to Be Proactively Available When It Has Not Been Requested?
There is no requirement under the information blocking regulations to proactively make available any EHI to patients or others who have not requested the EHI. However, any unnecessary delays or other unnecessary impediments in the release or availability of EHI in response to a request for legally permissible access, exchange, or use of EHI could implicate the information blocking provisions and result in violations.
How Are Information Blocking Regulations Enforced?
Enforcement of the information blocking regulations depends upon the type of actor that is subject of an enforcement action. For health IT developers and health information networks/HIEs, the Department of Health and Human Services (HHS) Office of the Inspector General finalized a rule establishing enforcement of information blocking penalties starting September 1, 2023. OIG will not impose a penalty on any information blocking conduct that occurred before September 1, 2021.
For health care providers, a set of disincentives proposed by HHS in October 2023 were finalized on June 24. More details on provider disincentives can be found below and on the ONC website.
How to Submit an Information Blocking Claim?
The ONC has authority to review claims of possible information blocking against health IT developers of certified health IT that may constitute a non-conformity under the ONC Health IT Certification Program. Separately, the U.S. Department of Health and Human Services' Office of the Inspector General has authority to investigate claims of possible information blocking across all types of actors, including health care providers, HINs and HIEs, and health IT developers of certified health IT.
Access the ONC's Health IT Feedback and Inquiry Portal to report an Information Blocking claim.
Interoperability and Information Blocking Regulatory Updates From the HTI-1 Final Rule
The ONC issued its final rule addressing Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing (HTI-1) in late 2023, which continues to implement provisions of the 21st Century Cures Act and makes updates to the ONC Health IT Certification Program (Certification Program) with new and updated standards, implementation specifications and certification criteria.
The rule includes "first of its kind" transparency requirements for artificial intelligence and other predictive algorithms that are part of certified health IT. It also adopts the United States Core Data for Interoperability (USCDI) Version 3 as the new baseline standard within the ONC Health IT Certification Program (Certification Program) as of Jan. 1, 2026; revises certain information blocking definitions and exceptions to support information sharing; and implements the 21st Century Cures Act's requirement to adopt a Condition of Certification for developers of certified health IT to report certain metrics as part of their participation in the Certification Program.
Key Dates
- Dec. 31, 2025: Health IT developers must update and provide health IT systems to customers that conform to new standards.
- Jan. 1, 2026-2029: Health IT developers collect data for Insight Conditions Measures.
Visit the ONC website to learn more details from the HTI-1 Final Rule, including definitions and timeline.
ONC Releases HTI-2 Proposed Rule
The ONC released the Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability (HTI-2) proposed rule on July 10, 2023, building on the HTI-1 final rule released in 2023 and additional information blocking rules released by the Centers for Medicare and Medicaid Services and ONC in 2021.
Key provisions from the proposed rule include:
- New certification criteria for electronic health records (EHRs) designed to improve interoperability for health IT systems used by public health systems and payers.
- Updates to technology and standards for certified EHRs ranging from the capability to exchange clinical images (e.g., X-Rays) to the addition of multi-factor authentication support.
- Expansion of the USCDI data set.
- Updates to the Privacy, Infeasibility, and Requestor Preference Information Blocking Exceptions, and the creation of a new Protecting Care Access Exception.
- Alignment with EHR requirements and CMS Electronic Prior Authorization requirements.
- Revisions to electronic prescribing certification criterion to include real-time prescription benefit tools.
Access more information on the HTI-2 proposed rule on the ONC website.
Additional Resources and Tools
The ACC recommends the following resources from the American Medical Association (AMA), ONC and Centers for Medicare and Medicaid Services (CMS):
- Information Blocking: How Do I Comply and Where Do I Start? (AMA)
- Information Blocking FAQs (ONC)
- 21st Century Cures Act Interoperability Final Rule Overview (ONC)
- Who Qualifies as an Information Blocking Actor? (ONC)
- Qualified Information Blocking Exceptions (ONC)
- Interoperability and Patient Access Final Rule Fact Sheet (CMS)
- Health Care Provider Definition and Cross-Reference Table
- Information Blocking Exceptions
- United States Core Data for Interoperability
Guidelines
JACC Journals on ACC.org
- JACC
- JACC: Advances
- JACC: Asia
- JACC: Basic to Translational Science
- JACC: CardioOncology
- JACC: Cardiovascular Imaging
- JACC: Cardiovascular Interventions
- JACC: Case Reports
- JACC: Clinical Electrophysiology
- JACC: Heart Failure
Membership
- Campaign for the Future
- Become a Member
- Renew Your Membership
- Member Benefits and Resources
- Member Sections
- Chapters
- ACC Member Directory
About ACC
Clinical Topics
- Acute Coronary Syndromes
- Anticoagulation Management
- Arrhythmias and Clinical EP
- Cardiac Surgery
- Cardio-Oncology
- Chronic Angina
- Congenital Heart Disease and Pediatric Cardiology
- COVID-19 Hub
- Diabetes and Cardiometabolic Disease
- Dyslipidemia
- Geriatric Cardiology
- Heart Failure and Cardiomyopathies
- Hypertriglyceridemia
- Invasive Cardiovascular Angiography and Intervention
- Noninvasive Imaging
- Pericardial Disease
- Prevention
- Pulmonary Hypertension and Venous Thromboembolism
- Sports and Exercise Cardiology
- Stable Ischemic Heart Disease
- Valvular Heart Disease
- Vascular Medicine
Latest in Cardiology
- Clinical Updates & Discoveries
- Advocacy & Policy
- Perspectives & Analysis
- Meeting Coverage
- ACC Member Publications
- ACC Podcasts
Education and Meetings
- Online Learning Catalog
- Understanding MOC
- Products and Resources
- Image and Slide Gallery
- Meetings
- Certificates and Certifications
- Annual Scientific Session
