The U.S. Department of Health and Human Services (HHS) has announced a renewed effort under Secretary Robert F. Kennedy, Jr. to crack down on information blocking practices that limit the ability of patients to access, exchange, or use their electronic health information (EHI). 

What Is Being Targeted

  • Those failing to comply with the legal obligations under the 21st Century Cures Act (2016), including certified health IT developers, providers, health information networks, and health information exchanges.
  • Any efforts that hinder or otherwise unlawfully restrict access, exchange, or use of EHI.

What Laws Empower HHS

  • The 21st Century Cures Act gives ASTP/ONC (the Office of the Assistant Secretary for Technology Policy / Office of the National Coordinator for Health Information Technology) and the HHS Office of Inspector General (OIG) authority to enforce rules against information blocking.  
  • The ONC’s Cures Act Final Rule confirms that patients must have free, easy electronic access to their EHI—including via apps of their choice—and that providers should be able to choose digital tools without being hampered by excessive costs or technical barriers.  

Key Voices

HHS officials emphasized that data transparency is central to transforming healthcare.

In the words of Deputy Secretary Jim O’Neill:

“Unblocking the flow of health information is critical to unleashing health IT innovation and transforming our healthcare ecosystem. . . We will take appropriate action against any health care actors who are found to be blocking health data for patients, caregivers, providers, health innovators, and others.”

This statement underscores the administration’s broader goal of empowering patients in an effort to improve care.

Moreover, such efforts to root out information blocking have already begun.

Tom Keane, MD, Assistant Secretary for Technology Policy and National Coordinator for Health Information Technology has stated:

“We had already begun reviewing reports of information blocking against developers of certified health IT under the ONC Health IT Certificate Program and are providing technical assistance to our colleagues at OIG for investigations.”

Thus, the time for action by providers and others to ensure compliance with the law is now. 

Key Changes & Enforcement Measures

  • HHS is increasing the resources committed to identifying and curbing information blocking.  
  • The ONC and OIG will play leading roles—the ONC reviewing reports of information blocking and offering technical assistance, and the OIG investigating and taking enforcement actions where necessary.
  • Those found violating the law may face:
    • Disincentives under applicable Medicare/Medicaid‑linked programs (for providers)
    • Civil monetary penalties up to $1 million per violation (for health IT developers, health information networks, or exchanges) 
    • Termination of certification or being banned from the ONC Health IT Certification Program for certified health IT developers who fail to comply

Why This Matters

  • For patients: guaranteed legal rights to see, use, and share their EHI, which HHS believes supports more informed decision‑making, error detection, easier coordination of care, and better health outcomes.  
  • For innovators: clearer expectations and enforcement, which HHS believes can reduce uncertainty, encourage development of tools, apps, or platforms that leverage health data more freely.
  • For healthcare providers: greater interoperability, less friction in data exchange, supporting efforts to improve care, reduce waste, and increase efficiency.

What to Do

  • Reporting: Patients, providers, innovators, or anyone who has witnessed or experienced information blocking can report through the ONC’s “Report Information Blocking Portal.”  
  • Compliance: Those subject to the information blocking rules should evaluate their practices now to ensure they are not in violation of the law—especially around how they share EHI, which apps are supported, and cost/technical barriers.

Bottom Line

HHS’s increased focus on enforcement of information blocking rules represents a clear warning to the healthcare industry – patient data must flow freely, legally, and responsibly. For healthcare providers and IT vendors, now is the time to ensure full compliance with federal law or face potential significant consequences.

Compliance programs, in coordination with legal counsel, should be vetting all relevant policies and procedures, and their operational implementations, to ensure consistency with the law.