Federal regulators are signalling that enforcement of information blocking rules will become far more active.
What happened
In an interview with Information Security Media Group, attorney Nan Halstead of Reed Smith said that organizations covered by the 21st Century Cures Act should expect closer scrutiny from the Department of Health and Human Services. The law prohibits practices that interfere with the access, exchange, use, or interoperability of electronic health information. Halstead noted that regulators have taken years to define enforcement pathways and that the first wave of formal actions will likely target conduct with the greatest impact on patient care.
Going deeper
Halstead explained that many providers, health IT developers, health information networks, and other regulated actors may unknowingly engage in practices that fit the regulatory definition of information blocking. Actions that create delays, restrict patient access, or place unnecessary burdens on data exchange could fall under HHS review. She also states the need to assess internal policies, consent workflows, technical configurations, and contracting language to make sure they do not conflict with interoperability standards. Privacy and security exceptions exist, but they must be applied in a narrow, well-documented manner that demonstrates necessity rather than default practice.
What was said
Halstead cautioned that the absence of prior enforcement should not create a sense of safety, as HHS investigators are expected to prioritize incidents where information access barriers could contribute to clinical delays or patient harm. She said that covered entities should confirm that decisions involving data sharing are tied to clearly defined regulatory exceptions. She also encouraged organizations to prepare staff training, create internal review channels for access requests, and maintain documentation that supports decisions to withhold or limit electronic health information. Halstead added that privacy and security teams must coordinate closely with compliance teams to avoid inconsistent interpretations of regulatory requirements.
The big picture
Public and private sector researchers have noted that inconsistent data-sharing practices continue to frustrate clinicians and patients. A recent review published in Frontiers reported that “workflow disruptions and documentation burdens remain persistent challenges associated with EHR use,” adding that “these barriers limit the effectiveness of electronic health record systems and affect the quality and timeliness of information available to patients and clinicians.” The study concluded that clearer internal governance and stronger alignment with federal interoperability rules can reduce these barriers and improve patient experience.
FAQs
What activity qualifies as information blocking?
Information blocking occurs when an organisation knowingly takes an action that is likely to interfere with the access, exchange, or use of electronic health information without meeting a regulatory exception.
Who is covered by the information blocking rules?
The rules apply to healthcare providers, certified electronic health record developers, health information networks, and health information exchanges.
What practices commonly lead to enforcement attention?
Delays in releasing patient records, unnecessary fees, technical configurations that prevent data sharing, refusal to share information with unaffiliated providers, and vague or inconsistent policies.
Farah Amod
%20-%202024-12-27T120059.967.jpg)
