The U.S. Department of Health and Human Services (HHS) has announced a renewed effort under Secretary Robert F. Kennedy, Jr. to crack down on information blocking practices that limit the ability of patients to access, exchange, or use their electronic health information (EHI). 

What Is Being Targeted

  • Those failing to comply with the legal obligations under the 21st Century Cures Act (2016), including certified health IT developers, providers, health information networks, and health information exchanges.
  • Any efforts that hinder or otherwise unlawfully restrict access, exchange, or use of EHI.

What Laws Empower HHS

  • The 21st Century Cures Act gives ASTP/ONC (the Office of the Assistant Secretary for Technology Policy / Office of the National Coordinator for Health Information Technology) and the HHS Office of Inspector General (OIG) authority to enforce rules against information blocking.  
  • The ONC’s Cures Act Final Rule confirms that patients must have free, easy electronic access to their EHI—including via apps of their choice—and that providers should be able to choose digital tools without being hampered by excessive costs or technical barriers.  

Key Voices

HHS officials emphasized that data transparency is central to transforming healthcare.

In the words of Deputy Secretary Jim O’Neill:

“Unblocking the flow of health information is critical to unleashing health IT innovation and transforming our healthcare ecosystem. . . We will take appropriate action against any health care actors who are found to be blocking health data for patients, caregivers, providers, health innovators, and others.”

This statement underscores the administration’s broader goal of empowering patients in an effort to improve care.

Moreover, such efforts to root out information blocking have already begun.

Tom Keane, MD, Assistant Secretary for Technology Policy and National Coordinator for Health Information Technology has stated:

“We had already begun reviewing reports of information blocking against developers of certified health IT under the ONC Health IT Certificate Program and are providing technical assistance to our colleagues at OIG for investigations.”

Thus, the time for action by providers and others to ensure compliance with the law is now. 

Key Changes & Enforcement Measures

  • HHS is increasing the resources committed to identifying and curbing information blocking.  
  • The ONC and OIG will play leading roles—the ONC reviewing reports of information blocking and offering technical assistance, and the OIG investigating and taking enforcement actions where necessary.
  • Those found violating the law may face:
    • Disincentives under applicable Medicare/Medicaid‑linked programs (for providers)
    • Civil monetary penalties up to $1 million per violation (for health IT developers, health information networks, or exchanges) 
    • Termination of certification or being banned from the ONC Health IT Certification Program for certified health IT developers who fail to comply

Why This Matters

  • For patients: guaranteed legal rights to see, use, and share their EHI, which HHS believes supports more informed decision‑making, error detection, easier coordination of care, and better health outcomes.  
  • For innovators: clearer expectations and enforcement, which HHS believes can reduce uncertainty, encourage development of tools, apps, or platforms that leverage health data more freely.
  • For healthcare providers: greater interoperability, less friction in data exchange, supporting efforts to improve care, reduce waste, and increase efficiency.

What to Do

  • Reporting: Patients, providers, innovators, or anyone who has witnessed or experienced information blocking can report through the ONC’s “Report Information Blocking Portal.”  
  • Compliance: Those subject to the information blocking rules should evaluate their practices now to ensure they are not in violation of the law—especially around how they share EHI, which apps are supported, and cost/technical barriers.

Bottom Line

HHS’s increased focus on enforcement of information blocking rules represents a clear warning to the healthcare industry – patient data must flow freely, legally, and responsibly. For healthcare providers and IT vendors, now is the time to ensure full compliance with federal law or face potential significant consequences.

Compliance programs, in coordination with legal counsel, should be vetting all relevant policies and procedures, and their operational implementations, to ensure consistency with the law.

Tags: 21st Century Cures Act (2016), electronic health information (EHI), U.S. Department of Health and Human Services (HHS)
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of John W. Kaveney John W. Kaveney

Partner, Healthcare and Litigation

John focuses his practice in the area of healthcare law, representing a range of clients that includes for-profit and non-profit hospitals and health systems, academic medical centers, individual physicians and physician groups, ambulatory surgery centers, ancillary service providers, medical…

Partner, Healthcare and Litigation

John focuses his practice in the area of healthcare law, representing a range of clients that includes for-profit and non-profit hospitals and health systems, academic medical centers, individual physicians and physician groups, ambulatory surgery centers, ancillary service providers, medical billing companies, skilled nursing and rehabilitation facilities, behavioral health centers and pharmacies.

His practice in the healthcare field encompasses advising healthcare clients on corporate compliance matters, including the implementation of new, and the assessment of existing, corporate compliance programs. He also assists healthcare clients with compliance audits and investigations, as well as guiding clients through the self-disclosure and repayment processes. Finally, he provides general legal advice concerning compliance and regulatory matters under state and federal healthcare laws.

In the area of information privacy and data security, John advises healthcare clients on issues arising under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). This includes the implementation and assessment of privacy and security policies and procedures to ensure the proper protection and utilization of protected health information both by healthcare providers and the business associates with which they contract. In addition, he represents healthcare clients in investigating, reporting, and remediating information breaches and the liability such breaches create under various information privacy and security laws.

Additionally, John provides counsel on Medicaid and Medicare reimbursement matters before the Division of Medical Assistance and Health Services and the Provider Reimbursement Review Board, as well as assisting clients in civil litigation and with professional licensing and medical staffing concerns.

Contact information:

jkaveney@greenbaumlaw.com | 973.577.1796 | vCard | LinkedIn

For more information visit the Greenbaum, Rowe, Smith & Davis LLP website.

Read more about John W. Kaveney
Show more Show less
Related Posts
 A Response to the Big Beautiful Bill: Seven Days in June
June 2, 2026
 John Zen Jackson Installed as President of Medical History Society of New Jersey
May 29, 2026
 The ABC Test: NJ Adopts New Regulations for Determining Independent Contractor Status
May 11, 2026