The Information Blocking Rule: A Proposed Cure for Health Care Provider Hoarding

On October 30, 2023, the U.S. Department of Health and Human Services (“HHS”) released a new proposed rule (the “Information Blocking Rule”).[1] The proposed rule would hold health care providers accountable for information blocking under the 21st Century Cures Act (“Cures Act”).[2]

Information blocking is prevalent in health care delivery. Information blocking occurs when a provider interferes with the access, exchange, or use of electronic health information, except as required by HIPAA and other state laws. Information blocking can include actions such as disabling or restricting the use of a capability that enables users to share PHI; charging excessive fees for patients to access information; limiting duration of access to patient information or restricting authorized access; or implementing non-standardized or complex technology. Because of the requirements to bar unauthorized access to protected health information (“PHI”) and related liabilities, health care providers routinely restrict PHI access. When such restrictions block interoperability of necessary patient treatment information between providers, information blocking occurs. When taken to a logical extreme, information hoarding may restrict patient choice of care from other providers and reduce care quality.

In 2016, Congress passed the Cures Act which requires, among other things, that patients have easier and portable access to their health care information through secure portals which they can access on computers or smart phone applications. Eight categories of clinical notes must be made accessible to patients. These categories include consultation notes, discharge summary notes, history and physicals, imaging narratives, lab report narratives, pathology report narrative, procedure notes, and progress notes. Information blocking is therefore contrary to these requirements.

The proposed rule applies to Medicare-enrolled healthcare providers and is intended to disincentivize information blocking. The Office of Inspector General (“OIG”) will investigate claims of information blocking and can issue various penalties specific to provider type.

Under the Medicare Promoting Interoperability Program, a hospital (including a critical access hospital) that hoards information would not be a meaningful electronic health record (EHR) user in an applicable EHR reporting period. Eligible hospitals would experience a loss of 75% of the annual market basket increase. For critical access hospitals, payment would be reduced to 100 percent of reasonable costs instead of the usual 101 percent.

Under the Promoting Interoperability Performance category of the Merit-based Incentive Payment System, a hoarding health care provider would not be considered a meaningful user of certified EHR technology. As a result, the provider would receive a zero score in the Promoting Interoperability performance category of the Merit-Based Incentive Payment System, affecting payment.

Under the Medicare Shared Savings Program, a hoarding health care provider that is an Accountable Care Organization (ACO), ACO participant, or ACO provider or supplier would be ineligible to participate in the program for at least one year, which can result in being removed from an ACO or being unable to join an ACO in the future. ACO ineligibility can cause health care providers to lose out on revenue that they might have otherwise earned in the Shared Savings Program.

In addition to establishing these disincentives, the rule sets forth the process of investigating claims of information blocking. During its investigation, OIG will assess whether the information blocking conduct: 1) will result in, cause, or have the potential to cause patient harm; 2) significantly impacts a provider’s ability to care for patients; 3) occurs for an extended period of time; and 4) causes financial loss to Federal health care programs or other government or private entities.

The rule also proposes to publish information regarding healthcare providers subject to disincentives in efforts to promote transparency to the public. Information including the provider’s name, business address, information blocking practice, the disincentive applied, and where to find additional information will be posted pursuant to this proposed rule.

The proposed rule has been published in the Federal Register, and it is available for public comment for 60 days starting November 1, 2023. OIG invites comments regarding the four factors used to investigate information blocking conduct, as well as the types of information that should be posted publicly following a determination that a healthcare provider has committed information blocking. Written or electronic comments must be received via the Federal Register no later than 11:59 p.m. ET on January 2, 2024.

If you or your organization have questions about the proposed rule, please contact Peter Mellette, Harrison Gibbs, Elizabeth Coleman, or Trace Hall at Goodman Allen Donnelly. Thanks to Angelica Radomski, William and Mary Law School ’24, for her assistance with this advisory.

This Client Advisory is for general education purposes only. It is not intended to provide legal advice specific to any situation you may have. Individuals desiring legal advice should consult legal counsel for up-to-date and fact-specific advice.


[2] HHS previously enacted a final rule in June 2023 that established penalties for health IT entities that performed acts that constituted information blocking. See