ONC Proposals on Information Blocking

By April 15, 2019Blog, Provider

The following update is provided by emids subject matter experts (SMEs) in the Provider Business Unit, Digital Transformation Advisory Services, covering proposed Health IT policy changes that are important to our customers and partners.

On February 11, 2019, the U.S. Department of Health and Human Services (HHS) released two health IT relevant proposed rules focused on interoperability.

On March 13th we covered proposed provisions from the Centers for Medicare and Medicaid Services (CMS) proposed rule in this blog:  CMS Interoperability and Patient Access Proposed Requirements.  The proposals in the CMS proposed rule are applicable to providers and payers.

In this blog, we cover the proposed information blocking provisions from the Office of the National Coordinator for Health Information Technology (ONC) proposed rule, 21st Century Cures Act:  Interoperability, Information Blocking, and the ONC Health IT Certification Program Proposed Rule.  The information blocking proposals apply to health care providers, health IT developers, health information exchanges (HIEs), and health information networks (HINs).

The information blocking implications are most relevant to providers as policy considerations and CIO’s awareness of needed technical capabilities and actions that would or would not constitute information blocking.

To support the proposed rule, ONC has posted several fact sheets on its Notice of Proposed Rulemaking to Improve the Interoperability of Health Information website, which include one for each of the seven proposed exceptions to information blocking.  In our blog, we provide a summary of information blocking and cover the seven exception categories as well as include links to sources and the newly introduced terms of actor, electronic health information (EHI), the “know” standard, and practice.

About Information Blocking

In April 2015, ONC authored the Report on Health Information Blocking in response to Congress’s request for the ONC to produce a report on the extent of health information blocking and a comprehensive strategy to address it.

In that same timeframe, Congress passed the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), which required providers to demonstrate they had not taken action to limit or restrict the compatibility or interoperability of the certified EHR technology (CEHRT).  This was implemented through the first Quality Payment Program (QPP) ruling as an attestation process for providers participating in the hospital Promoting Interoperability (PI) program and the QPP PI performance category.

Signed into law on December 13, 2016, the 21st Century Cures Act (Cures Act) established authority for the HHS Office of the Inspector General (OIG) to investigate claims of information blocking and assign penalties for practices found to be interfering with the lawful sharing of EHI.

Information blocking is when an actor (health care provider, health IT developer, HIE, or HIN) knowingly and unreasonably interferes with the exchange and use of EHI, which is a right protected by the Health Insurance Portability and Accountability Act (HIPAA) of 1996.  If conducted by an actor, such actor should know that such practice is unreasonable and likely to be information blocking (the “know” standard).

Information blocking practices may include:

  • Fees that make data exchange cost prohibitive.
  • Organizational policies or contract terms that prevent sharing information with patients or health care providers.
  • Technology designed or implemented in non-standard ways that inhibit the exchange of information.
  • Patients or health care providers being “locked in” to a specific technology or health care network because data is not portable.

Additionally, the proposed rule addresses practices that would almost always be considered information blocking.  Included among the practices is observational health information, of which we highlight two examples that would implicate information blocking.

  • ONC provides that observational health information may be technically structured or unstructured, which means clinicians’ notes would constitute observational health information if they contain observations or conclusions about a patient or the patient’s care.
    • What this means to providers:  CIOs will want to ensure they have the technical capability to capture unstructured data electronically so the EHI is available via an application programming interface (API).
  • ONC states that EHI stored in a proprietary format or that has been combined with confidential or proprietary information does not alter the actor’s obligations under the information blocking provisions to facilitate access, exchange, and use of the EHI in response to a request.
    • What this means to providers:  CIO’s will want to be aware that this practice could implicate information blocking and have a process in place to facilitate access to requested EHI.

If the OIG determines that a health IT developer, network, or exchange has committed information blocking, they are subject to a civil monetary penalty up to $1,000,000 per violation.  Providers are held to a “know” standard and are also held to penalty of appropriate disincentive, which is yet to be defined. 

Some actions that impede the exchange of EHI do not constitute information blocking, such as protecting patient safety or privacy, and if certain conditions are met.  Another provision in the Cures Act requires the Secretary, through rulemaking, to identify these reasonable and necessary activities that do not constitute information blocking and it states there will be no enforcement before the exceptions are identified.  The ONC proposed rule is the rulemaking for that requirement.

About the ONC Proposed Rule

In this rule, ONC identifies seven categories of practices that interfere with the access, exchange, or use of EHI but would be reasonable and necessary and not constitute information blocking, provided certain conditions are met.  If the actions by an actor satisfy one or more of the exceptions, the actions would not be treated as information blocking and the actor would not be subject to civil penalties and other disincentives under the law.

While the examples provided by ONC in this rule add more clarity than previously available, there are no definitive answers as to what is or isn’t considered information blocking and determinations will be made on a case by case basis.  However, with the examples provided, this proposed rule acts as a guide to policy decisions and prevention awareness.

Information Blocking Exceptions and Complaint Process

ONC proposes seven exceptions that would not constitute information blocking if all conditions are met.  ONC is also requesting comment on the proposed complaint process approach.

The Seven Exceptions 

  • Exceptions 1-3 extend to activities that are reasonable and necessary to prevent harm to patients and others; promote the privacy of EHI; and promote the security of EHI, subject to strict conditions to prevent the exceptions from being misused.
  • Exceptions 4-6 address activities that are reasonable and necessary to promote competition and consumer welfare.
  • Exception 7 recognizes it may be reasonable and necessary for actors to make health IT temporarily unavailable for the benefit of the overall performance of health IT.  This exception would permit an actor to make the operation of health IT unavailable in order to implement upgrades, repairs, and other changes.

Complaint Process

  • ONC is responsible for implementing a standardized process for the public to submit reports on claims of health information blocking.  Reports can be submitted regarding any practice by the actors that may constitute information blocking.
  • ONC is requesting comments on the current complaint process, which is available at https://www.healthit.gov/healthit-feedback.  It is a simple form.  The submitter can submit anonymously or not, check the information blocking box, and provide a statement of the complaint.  Supporting documentation can also be attached.

What this means for Providers

  • The first three exception categories are most relevant to provider-based activities (preventing harm, and promoting the privacy and security of EHI).  Additionally, five and seven apply to providers.
  • It will be important for all actors to interpret the guidance ONC provides in this rule as it applies to their individual circumstance.  ONC emphasizes that reports of information blocking will be investigated on a case by case basis and the exceptions would be subject to strict conditions.
  • Criteria for meeting the seven proposed exceptions is very comprehensive, and if adopted as proposed, providers would need to review all policies and procedures related to information sharing to determine if there are any practices that may implicate information blocking.
    • Any possible information blocking practices would require policy and procedure revisions to ensure criteria for the exceptions is clearly met.
    • Evidence that updated policy and procedures were implemented and applicable staff trained should be obtained.
  • If a provider believes they have an exception, they should develop specific documentation to support that cause.
  • To be pro-active, providers could consider, through legal counsel, incorporating an information blocking disclosure section in their Policy and Procedures to identify where consumers as well as providers can go to submit a complaint if they experience information blocking.

New Terms


  • In reference to Information Blocking, “actor” means an individual or entity that is a health care provider, health IT developer, exchange, or network.

Electronic Health Information (EHI)

  • ONC proposes that EHI means—(1) Electronic protected health information; and (2) Any other information that identifies the individual, or with respect to which there is a reasonable basis to believe the information can be used to identify the individual and is transmitted by or maintained in electronic media that relates to the past, present, or future health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual. EHI would not be limited to information that is created or received by a health care provider, and it does not include health information that is de-identified.

Knowledge Standard (The “Know” Standard)

  • Providers: “…knows that such practice is unreasonable and is likely to interfere with, prevent, or materially discourage the access, exchange or use of electronic health information….”.
  • Health IT Developers of Certified Health IT, HINs, and HIEs: “…knows, or should know, that such practice is likely to interfere with, prevent, or materially discourage the access, exchange or use of electronic health information….”.


  • ONC uses the term “practice” throughout the proposed rule when describing conduct that is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information, regardless of whether that conduct meets the conditions for an exception to the information blocking provision.


Points of view and interpretation were relevant at time of authorship; however, they are subject to change over time.  For more information about these proposed changes, contact us at engage@emids.com.