Log in to MyACC
Stay in the Know With ACC's Information Blocking Portal
About Information Blocking
What Is Information Blocking?
According to the Office of the National Coordinator for Health IT (ONC), information blocking is a practice by an "actor" that is likely to interfere with the access, exchange or use of electronic health information (EHI), except as required by law or specified in an information blocking exception. The 21st Century Cures Act applied the law to health care providers, health information technology (IT) developers of certified health IT, and health information exchanges (HIEs)/health information networks (HINs).
This legislation also established two different "knowledge" standards for actors' practices within the statute's definition of "information blocking." For health IT developers of certified health IT as well as HIEs/HINs, the law applies the standard of whether they know or should know that a practice is likely to interfere with the access, exchange or use of EHI. For health care providers, the law applies the standard of whether they know that the practice is unreasonable and is likely to interfere with the access, exchange or use of EHI.
Exceptions
The ONC has created eight exceptions that outline activities that do not constitute information blocking by actors. These exceptions include:
- Exceptions that involve not fulfilling requests to access, exchange or use EHI
- Preventing Harm Exception
- Privacy Exception
- Security Exception
- Infeasibility Exception
- Health IT Performance Exception
- Exceptions that involve procedures for fulfilling requests to access, exchange or use EHI
- Content and Manner Exception
- Fees Exception
- Licensing Exception
View the ONC Information Blocking Exceptions Fact Sheet for more information about each available exception.
Interoperability and Information Blocking Regulatory Updates From the HTI-1 Final Rule
The ONC issued its final rule addressing Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing (HTI-1) in late 2023, which continues to implement provisions of the 21st Century Cures Act and makes updates to the ONC Health IT Certification Program (Certification Program) with new and updated standards, implementation specifications and certification criteria.
The rule includes "first of its kind" transparency requirements for artificial intelligence and other predictive algorithms that are part of certified health IT. It also adopts the United States Core Data for Interoperability (USCDI) Version 3 as the new baseline standard within the ONC Health IT Certification Program (Certification Program) as of Jan. 1, 2026; revises certain information blocking definitions and exceptions to support information sharing; and implements the 21st Century Cures Act's requirement to adopt a Condition of Certification for developers of certified health IT to report certain metrics as part of their participation in the Certification Program.
Key Dates
- Dec. 31, 2024: Health IT developers must update clinical decision support to meet new decision support intervention criterion and certified application program interface developers must publish Fast Healthcare Interoperability Resource endpoints.
- Dec. 31, 2025: Health IT developers must update and provide health IT systems to customers that conform to new standards.
- Jan. 1, 2026-2029: Health IT developers collect data for Insight Conditions Measures.
Visit the ONC website to learn more details from the HTI-1 Final Rule, including definitions and timeline.
How to Submit an Information Blocking Claim?
The ONC has authority to review claims of possible information blocking against health IT developers of certified health IT that may constitute a non-conformity under the ONC Health IT Certification Program. Separately, the U.S. Department of Health and Human Services' Office of the Inspector General has authority to investigate claims of possible information blocking across all types of actors, including health care providers, HINs and HIEs, and health IT developers of certified health IT.
Access the ONC's Health IT Feedback and Inquiry Portal to report an Information Blocking claim.
Information Blocking Compliance FAQs
When do EHI Actors Need to Comply?
EHI actors are required to comply with information blocking provisions unless they can claim an available exception.
Who Is Considered an Actor?
Three categories of "actors" are regulated by the information blocking section of the ONC 21st Century Cures Act Final Rule: Health Care Provider, Health Information Network or Health Information Exchange; and Health IT Developer of Certified Health IT. Get additional clarification here.
What Type of Requests Are Excepted?
There are eight types of exceptions: Preventing Harm; Privacy; Security; Infeasibility; Health IT Performance; Content and Manner; Fees; and Licensing. Read through key criteria of each exception here.
What Specific Standard or Functionality Is Required to Fulfill Information Sharing Requests?
The information blocking regulations do not require the use of any specific standard or functionality to fulfill information sharing requests. Before October 6, 2022, an actor may fulfill a request with the EHI identified by the data elements represented in the USCDI standard, first in the manner requested and, if not, in an alternate manner agreed upon with the requestor, following the order of priority specified in the exception.
Are Actors Required to Have or Use Health IT Certified Under the ONC Health IT Certification Program?
No. Actors subject to the information blocking regulations, such as clinicians, are not required to immediately upgrade their certified health IT if they also happen to participate in a separate regulatory program that requires the use of certified health IT, such as the Center for Medicare and Medicaid Services' Promoting Interoperability Programs.
Does EHI Need to Be Proactively Available When It Has Not Been Requested?
There is no requirement under the information blocking regulations to proactively make available any EHI to patients or others who have not requested the EHI. However, any unnecessary delays or other unnecessary impediments in the release or availability of EHI in response to a request for legally permissible access, exchange, or use of EHI could implicate the information blocking provisions and result in violations.
How Are Information Blocking Regulations Enforced?
Enforcement of the information blocking regulations depends upon the type of actor that is subject of an enforcement action. For health IT developers and health information networks/HIEs, the Department of Health and Human Services (HHS) Office of the Inspector General finalized a rule establishing enforcement of information blocking penalties starting September 1, 2023. OIG will not impose a penalty on any information blocking conduct that occurred before September 1, 2021.
For health care providers, there currently is no established disincentive and enforcement mechanism in place. HHS proposed a set of disincentives in October 2023 that would apply if found to have committed Information Blocking by the OIG but the final rule and enforcement dates have not been released.
Additional Resources and Tools
The ACC recommends the following resources from the American Medical Association (AMA), ONC and Centers for Medicare and Medicaid Services (CMS):
- Information Blocking: How Do I Comply and Where Do I Start? (AMA)
- Information Blocking FAQs (ONC)
- 21st Century Cures Act Interoperability Final Rule Overview (ONC)
- Who Qualifies as an Information Blocking Actor? (ONC)
- Qualified Information Blocking Exceptions (ONC)
- Interoperability and Patient Access Final Rule Fact Sheet (CMS)
- Health Care Provider Definition and Cross-Reference Table
- Information Blocking Exceptions
- United States Core Data for Interoperability
Stay tuned via the ACC Advocate newsletter and @Cardiology on X (formerly Twitter) for ongoing updates and tools your practice can use for education and compliance.
