A new federal enforcement push will target healthcare entities that prevent patients from accessing their electronic health records.
The U.S. Department of Health and Human Services (HHS) announced a renewed initiative to investigate and penalize healthcare entities that engage in ‘information blocking’, the practice of preventing access, exchange, or use of electronic health information (EHI). The move comes under the direction of Secretary Robert F. Kennedy, Jr., and marks a shift toward stronger enforcement of the 21st Century Cures Act.
While information blocking received limited attention under previous administrations, the current HHS leadership has committed to active enforcement, particularly targeting health care providers, health IT developers, and health information networks that hinder lawful data access.
The Office of the Assistant Secretary for Technology Policy (ASTP/ONC) and the HHS Office of Inspector General (OIG) will jointly lead the crackdown. These agencies are authorized by the Cures Act to impose penalties and revoke certifications for violators. The ONC Cures Act Final Rule, issued during the Trump administration, established that patients must be able to access their EHI electronically and at no cost, including through third-party health apps.
The crackdown includes:
Tom Keane, MD, Assistant Secretary for Technology Policy, confirmed that reviews are already underway and that the department is working closely with OIG to investigate flagged entities.
Deputy Secretary Jim O’Neill stated that “unblocking the flow of health information is critical to unleashing health IT innovation and transforming our healthcare ecosystem.” Acting Inspector General Juliet T. Hodgkins mentioned that HHS “will deploy all available authorities” to enforce compliance and hold violators accountable.
Secretary Kennedy’s stated goal is to “Make America Healthy Again” by empowering patients to take control of their health through unfettered access to their own information.
Information blocking occurs when a healthcare entity knowingly prevents or delays access to electronic health information without a valid legal or technical reason.
Healthcare providers, certified health IT developers, health information exchanges (HIEs), and health information networks (HINs) are all subject to these regulations.
Examples include refusing to share records with patients, blocking third-party health apps, imposing excessive fees for access, or requiring unnecessary approvals or delays.
Patients and developers can report suspected violations through the ASTP/ONC’s Report Information Blocking Portal.
Consequences include civil monetary penalties of up to $1 million per violation, disqualification from certification programs, and disincentives under CMS-related programs.