Practice Areas



Information Blocking Regulations Under the ONC Cures Act Final Rule

Breanne M. Rubin

hand entering info on laptop   The 21st Century Cures Act was enacted in December of 2016 to support medical product development and innovation. It also regulates health care information technology (IT) systems and emphasizes the “patient perspective.” On May 1, 2020, the Office of the National Coordinator for Health IT (ONC) issued a final rule implementing certain interoperability requirements identified in the Cures Act. Specifically, the final rule establishes certification requirements for health IT developers, seeks to promote and improve patient access to electronic health information through standardized apps,  and prevents information blocking. Due to the COVID-19 pandemic, compliance dates for certain requirements of the final rule were extended by the ONC in an interim final rule with comment period, including the compliance date related to information blocking. That compliance date came and went on April 5 when the information blocking provisions of the final rule went into effect. In order to help providers navigate these new regulatory requirements, the below Q&A addresses some common questions about information blocking. 

What is “Information Blocking”? 

   If conducted by a health care provider, “information blocking” is defined as a practice that is likely to interfere with, prevent or materially discourage access, exchange or use of electronic health information (EHI) when the provider knows that such practice is unreasonable and is likely to interfere with, prevent or materially discourage access, exchange or use of EHI. Section 4004 of the Cures Act provides the following examples of prohibited information blocking practices: 

   Because the final rule’s definition of information blocking is so broadly defined, the practice may be better understood by what it is not through eight identified exceptions. 

What Exceptions are Provided in the Information Blocking Rule? 

   Of the eight exceptions to what shall be considered information blocking under the final rule, five exceptions involve not fulfilling requests to access, exchange or use EHI.  The ONC describes them as: 

   The remaining three exceptions involve procedures for fulfilling requests to access, exchange or use EHI and are described by the ONC as follows: 

What Information Must be Made Available to Patients? 

   As of April 5, patients must have access to the types of EHI identified by the United States Core Data for Interoperability (USCDI) standard. This data includes EHI related to: 

   Effective October 6, 2022, the definition of EHI will be expanded to include all EHI found in a “designated record set” as defined by HIPAA. Thus, patients will then have access to: 

   Notably, the final rule specifically excludes from this definition psychotherapy notes as well as information compiled in reasonable anticipation of, or for use in, a civil, criminal or administrative action or proceeding. 

What Happens if I Do Not Comply with the Information Blocking Rule? 

   While the final rule sets forth clear civil monetary penalties of up to $1 million per violation by certified health IT developers, details pertaining to the repercussions for health providers that fail to comply with the information blocking rule are lacking. The final rule provides that if a provider is investigated for failure to comply, the provider may be “subject to appropriate disincentives.” 

   As the second effective week of the information blocking rule unfolds, providers should ensure that they have an information blocking policy in place that explains the eight exceptions identified above, and that their personnel have been trained to enforce it. Providers should be prepared to provide patients with access to their EHI without delay, which will be evaluated on a case-by-case basis. 

   The ONC provides additional Q&As. For assistance in implementing the requirements of the final rule, or to learn more, please reach out to Ms. Rubin or one of our health care attorneys


Disclaimer: This alert has been prepared by Eastman & Smith Ltd. for informational purposes only and should not be considered legal advice. This information is not intended to create, and receipt of it does not constitute, an attorney/client relationship.