Information Blocking

Enforcement

What are the applicability dates and enforcement dates for the information blocking regulations?

The applicability date for the information blocking regulations in 45 CFR part 171 was established in the ONC Cures Act Final Rule, and was subsequently adjusted in the ONC Interim Final Rule. The Interim Final Rule moved the applicability date from November 2, 2020 to April 5, 2021.

The Interim Final Rule also revised the information blocking definition in 45 CFR 171.103 to adjust the timeframe for the “USCDI limitation.” Before October 6, 2022, electronic health information (EHI) for the purposes of the information blocking definition is limited to the EHI identified by the data elements represented in the United States Core Data for Interoperability (USCDI) standard.

Enforcement of the information blocking regulations depends upon the individual or entity that is subject of an enforcement action or "actor." For health IT developers and health information networks/HIEs, the HHS Office of the Inspector General posted its final rule implementing information blocking penalties. For health care providers, HHS has posted its proposed rule to establish appropriate disincentives as directed by the 21st Century Cures Act. For additional information, see the Disincentives Proposed Rule Overview fact sheet and the Disincentives Common Questions fact sheet.

Updated:

This FAQ has been updated pursuant to the HTI-1 Final Rule.

ID:IB.FAQ36.2.2024APR

How does the HHS Office of Inspector General’s (OIG’s) Information Blocking investigative and enforcement authority apply to actors?

Under section 4004 of the 21st Century Cures Act (Cures Act), the HHS OIG has authority to investigate any claim that health care providers, health information networks (HINs) and health information exchanges (HIEs), and health IT developers of certified health IT (collectively defined as “actors” in 45 CFR 171.102) have engaged in information blocking.

For actors HHS OIG determines have committed information blocking, enforcement consequences depend upon the actor involved.

  • For health IT developers of certified health IT and HINs/HIEs (as defined in 45 CFR 171.102), the Cures Act subjects these entities to civil monetary penalties if HHS OIG determines they committed information blocking. Under the Cures Act, these penalties could be up to $1 million per violation. The HHS OIG has issued a final rule on this enforcement authority.
  • For health care providers (as defined in 45 CFR 171.102) the Cures Act authorizes the Secretary of Health and Human Services to establish appropriate disincentives through notice and comment rulemaking. HHS has posted a final rule to establish appropriate disincentives as directed by the 21st Century Cures Act. For additional information, see the Disincentives Final Rule Overview fact sheet  and the Disincentives Common Questions fact sheet .  

Updated:

This FAQ has been updated pursuant to the Provider Disincentives Final Rule.

ID:IB.FAQ50.3.2024AUG