21st Century Cures Act Information Blocking Rule: Innovative and In Effect

In May of 2020, the Office of the National Coordinator for Health Information Technology (ONC) released the 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program (the Information Blocking Final Rule). The Information Blocking Final Rule implemented far-reaching health IT provisions enacted in the 21st Century Cures Act, with the goals of achieving widespread interoperability among health IT systems and improving a patient’s ability to access their medical information.

The Information Blocking Final Rule applies to three categories of “actors:”

All Actors were subject to the Information Blocking Final Rule’s provisions beginning on April 5, 2021.

Information Blocking

The Information Blocking Final Rule prohibits Actors from undertaking any practice likely to interfere with, prevent, or materially discourage access to, exchange of, or use of Electronic Health Information (“EHI”).

Currently, EHI constitutes the data elements represented in the first version of the United States Core Data for Interoperability (“USCDIv1”) such as health data classes (e.g., patient demographics, clinical notes, and vital signs) and data elements (e.g., patient name, laboratory reports, and heart rate); essentially EHI constitutes information contained in a certified electronic health record (EHR). The definition of EHI will expand on October 6, 2022 to include all electronic PHI included in a patient’s designated record set, excluding psychotherapy notes; and information compiled in anticipation of litigation or administrative action.

As set forth in 45 C.F.R. Part 171, what constitutes a prohibited practice further varies based on Actor-type.

Examples of information blocking include:

Information Blocking Exceptions

The Information Blocking Final Rule defines eight information blocking exceptions divided into two categories:

1. Exceptions that involve not fulfilling requests to access, exchange, or use EHI, and

2. Exceptions that involve procedures for fulfilling requests to access, exchange, or use EHI.

These exceptions are summarized below. Note: Any Actor preparing to invoke an exception must meet all sub-exceptions enumerated in the regulations.

Information Blocking Exceptions:

When not fulfilling requests for EHI (42 C.F.R. §§ 171.200 -171.205)

When fulfilling requests for EHI (42 C.F.R. §§ 171.300-171.303)


Once the information blocking provisions go into effect, HIN/HIE and Health IT Developers face up to a $1 million penalty per violation of the information blocking prohibition. The requirements will be enforced by the HHS Office of the Inspector General, which has yet to promulgate enforcement rules.  Furthermore, Health IT Developers face a Certification Ban for Certified EHR Technology. Healthcare Providers are subject to yet-to-be-defined “appropriate disincentives” for information blocking violations. These “appropriate disincentives” have not yet been published but will be determined in future rulemaking.

Key Takeaways

Now that the compliance deadline has passed, Actors should take inventory of their current procedures for receiving, making, and responding to requests to access, exchange, or use of EHI. Healthcare providers, specifically, should consider adopting “reasonable” policies, procedures, and practices, as the information blocking definition for healthcare providers requires providers to know that such a practice is “unreasonable.” Furthermore, all Actors should take inventory of current practices for denying or fulfilling requests and determine which do (or do not) fit within an enumerated exception to information blocking.

© Polsinelli PC, Polsinelli LLP in California
National Law Review, Volumess XI, Number 222