Since the introduction of the Information Blocking regulations under the 21st Century Cures Act in 2021, there has been a lot of confusion about what exactly information blocking means, how to avoid it, and how to comply with this complex regulation.
Today, we’re diving in on this topic, sharing a little more about what Information Blocking is, how it has recently changed, and how you can find compliance with this regulation in 2025.
Want to jump in right away? Click here to download our Information Blocking cheat sheet for a quick reference guide to complying with this regulation:
Are You Information Blocking?
Download our cheat sheet to understand this complex regulation, including the specific clinical notes you must release!
What is Information Blocking?
Under the Information Blocking provision of the 21st Century Cures Act, you are required to disclose all Electronic Health Information (EHI) to a patient, personal representative, or another treatment provider unless one of the nine exceptions applies. Failure to do so constitutes information blocking.
While the practice is called information blocking, the regulation should probably have been called something like “The Prevention of Information Blocking” to make clear that this regulation establishes systems to ensure the free flow of health information between patients and providers, not the reverse as the name may imply.
The rule exists to ensure that everybody who has a legal right to access certain patient information is able to do so without unnecessary delay.
While Information Blocking is newly requiring the free flow of information, in fact it was always permissible under HIPAA to share information without patient authorization (though some states may have their own patient authorization requirements).
Many healthcare entities elected to implement a request process involving written consent or patient forms out of an abundance of caution, hoping to protect PHI, but it in fact resulted in delays of treatment or patient care, creating the need for the Information Blocking regulations.
Information Blocking Definition
“Preventing, discouraging, or interfering with the access, exchange, or use of information.”
21st Century Cures Act
Information Blocking Changes 2024
One of the defining features of the Information Blocking rules is their newness, and this results in a great deal of change as clarity is required, or as available technology develops. In 2024, we saw four major regulatory changes impacting Information Blocking, including the all-important answer to the question of enforcement.
Information Blocking Disincentives
One of the most significant developments related to Information Blocking in 2024 was the finalized Disincentives for Healthcare Providers that Have Committed Information Blocking. Published July 1, 2024, with an effective date of July 31, 2024, this rulemaking outlined enforcement measures for Information Blocking regulations based on the type of entity found to be blocking information.
The disincentives, which apply to all entity types, include a civil monetary penalty that could cost up to $1 million per violation, in addition to a listing on a digital “wall of shame.”
Additional disincentives could include 1-year ineligibility for an Accountable Care Organization (ACO), resulting in potential lost revenue through the Shared Savings Program, and 1-year ineligibility for Merit-based Incentive Payment System (MIPS), as well as a CMS penalty.
The disincentives are particularly severe where Critical Access Hospitals (CAHs) are concerned, however, as they are the only entity type specifically called out under the rulemaking for disincentives. CAHs found to be information blocking will be ineligible for the Medicare Promoting Interoperability Program (PIP) and lose both their Market Basket Increase and Cost Report Reimbursement Incentive.
Across the board, these significant disincentives should make it clear to every entity type that the ONC is taking Information Blocking violations very seriously, and that it is critical to understand and implement this regulation effectively to avoid this enforcement action.
Health Data, Technology, and Interoperability Changes 2024
As the relatively new Information Blocking rules are ironed out, the ONC has released a number of changes and clarifications under the framework of Health Data, Technology, and Interoperability (HTI) regulations, released throughout 2024 and now into 2025 as well.
The first of these changes, HTI-1, clarified a few of the permissible exceptions to Information Blocking, eliminated the content exception, and created a new exception. It went into effect March 11, 2024.
HTI-2, published Dec 15, 2024 and effective Jan 15, 2025, defined and implemented provisions related to the Trusted Exchange Framework and Common Agreement (TEFCA) manner exception.
Finally, HTI-3 was published Dec 17, 2024, and was effective immediately, revising exceptions to Information Blocking and establishing an additional exception, the protecting care access exception.
Each of these changes required updates to Information Blocking policies and implementation procedures. If you are a HIPAAtrek client, you already have access to updated policy templates in your HIPAAtrek account.
Want to get access to our complete library of updated policy templates? Schedule a demo today to learn more about HIPAAtrek.
Information Blocking Changes 2025
As if the changes and developments to the Information Blocking rules in 2024 weren’t enough, we are tracking additional changes to come in 2025.
The next proposed rule related to Health Data, Technology, and Interoperability (HTI) and impacting Information Blocking, was published in July 2024, and anticipated to be finalized in March 2025. This rulemaking constitutes further changes to Information Blocking, expanding uses of certified APIs and defining standards for information sharing.
Once again, this is a change that will require updates to your existing Information Blocking policies and practices. Keep track of all the regulatory changes we are tracking at HIPAAtrek in our Changing Regulations Hub.
How to Comply with Information Blocking
So, with all of this confusion, updates to procedures, and change, how are you supposed to comply with Information Blocking? It all begins with a policy review.
Step 1: Policy Review
As we’ve said before, policies are the backbone of your compliance program. And it’s no different with Information Blocking.
It is critical, especially in an environment of such rapid regulatory change, to be sure your policies are up to date with the latest version of the regulations to ensure compliance.
In addition to reviewing your Information Blocking policies, you should also review any other policies and procedures that address releasing information, to be sure they aren’t outlining outdated practices that would now constitute blocking information.
Additionally, implementation of policies, including daily practices around release of information, are critical to monitor. You can’t simply review and update policies in a vacuum. You’ll need to consult with key stakeholders and medical records staff about their processes to be sure they are in alignment with the updated policies as well.
Step 2: Understanding Information Blocking Exceptions
The next step to complying with Information Blocking is to understand when it may be appropriate to withhold information—that is, the exceptions to Information Blocking. A keen and nuanced understanding of the exceptions to Information Blocking is critical to implementing and documenting these exceptions correctly.
As a compliance officer, you should educate yourself on the proper application of these exceptions, when they apply (including when they no longer apply), and how to document use of an exception.
The exceptions to Information Blocking include:
- Preventing Harm Exception
- Privacy Exception
- Security Exception
- Infeasibility Exception
- Health IT Exception
- Manner Exception
- Fee Exception
- Licensing Exception
- TEFCA Manner Exception
There are many common misconceptions when it comes to applying these exceptions, so it is critical to understand how and why you may use them.
For example, the preventing harm exception applies only when you have reason to believe that a patient may cause physical harm to themself or others due to the nature of information contained in their medical records. That means having reason to believe that the information would cause mental harm or emotional distress would not allow for use of this exception.
Be sure to do your research to understand the nuance of each of the exceptions, so that you can use them properly.
Step 3: Training
Training is critical to creating compliance in action, and it’s no different when it comes to Information Blocking. Be sure your staff is effectively trained on when to release information, how promptly information should be released, and when exceptions may and may not apply.
Providers should be trained on proper timeliness and workflows around releasing notes or test results, and medical records staff should have a robust understanding of Information Blocking.
Training is especially critical if the Information Blocking regulations conflict with your previous workflows for releasing information. Whenever workflows need to change, it is critical to avoid falling into old habits and routines.
Regular training supports proper protocols, and you can also reinforce training with posters, informational handouts, or reference workflows to follow.
HIPAAtrek clients have access to valuable training videos as well as supplemental materials to help train staff on this complex regulation. Click here to learn more.
Step 4: Watching for Changes
Of course, the current state of compliance and the regulatory environment means that monitoring for further change is critical.
Be sure to monitor for upcoming changes to Information Blocking, as well as other regulations that may impact your compliance program or release of information processes.
When a regulation changes, you’ll need to update your policies and training to reflect the update and ensure ongoing compliance. Don’t forget to review any posters, handouts, workflows, or other supplemental materials as well to ensure processes truly align with the updated regulations.
Not sure where to start? Check out our Changing Regulations Hub to learn more about the changes coming soon.
Complying with Information Blocking Regulations in 2025
While the Information Blocking regulations have been a source of fear and confusion for many compliance leaders, there is no reason to feel intimidated. When in doubt, remember that Information Blocking was created to ensure the free flow of information, and ask yourself whether your procedures are allowing for that, or hindering it.
Tracking upcoming changes to the regulations, and keeping your policies updated accordingly are foundational to creating compliance. Then, build compliance in action by training your team in proper practices to avoid blocking information.
Once you have a firm understanding of Information Blocking, you can do your part to support patient care, as well as protecting your organization from patient complaints and enforcement actions.
Ready to find Compliance Confidence with Information Blocking? Download our Information Blocking cheat sheet for future reference:
Don’t Get Caught Information Blocking!
Download our cheat sheet to learn more about the types of clinical notes you must share, as well as common examples of Information Blocking you should avoid.
