On February 28, 2022, the Office of the National Coordinator for Health Information Technology (ONC) issued data on information blocking claims received since April 5, 2021, the effective date of information blocking regulations enacted under the 21st Century Cures Act (Cures Act). As a reminder, in accordance with the Cures Act’s prohibition on certain information blocking practices, in 2020 ONC issued a pair of rules (available here and here) to implement information blocking regulations (now found at 45 CFR Part 171).  Due to COVID-related delays, ONC ultimately set a compliance date for such regulations of April 5, 2021. ONC is now sharing preliminary data on the information blocking claims received for the first time.

ONC published data showing that 274 possible claims of information blocking have been received to date, with 176 claims submitted by a patient (directly or indirectly) and 42 by an attorney (the next largest category).  The highest number of claims submitted – 211 – identified a “health care provider” (which is defined broadly and can include without limitation a hospital, pharmacy, laboratory, or physician) as the actor allegedly responsible for information blocking,  followed by 42 claims against health information technology developers, with just two claims against health information exchanges.

The information blocking data are notable for the concentration of claims against health care providers, which could potentially influence enforcement priorities of the government. By law, the Office of Inspector General is authorized to investigate information blocking claims. The data might also serve as a resource for providers and compliance advisers to assess exposure to information blocking claims, review information access practices, and proactively implement compliant processes to maintain security as well as interoperability in accordance with the Cures Act, HIPAA, and the myriad additional federal and state privacy and security obligations of health care organizations.

Photo of Conor Duffy Conor Duffy

Conor Duffy is a member of Robinson+Cole’s Health Law Group and the firm’s Data Privacy + Security Team. Mr. Duffy advises hospitals, physician groups, accountable care organizations, community providers, post-acute care providers, and other health care entities on general corporate matters and health…

Conor Duffy is a member of Robinson+Cole’s Health Law Group and the firm’s Data Privacy + Security Team. Mr. Duffy advises hospitals, physician groups, accountable care organizations, community providers, post-acute care providers, and other health care entities on general corporate matters and health care issues. He provides legal counsel on a full range of transactional and regulatory health law issues, including contracting, licensure, mergers and acquisitions, the False Claims Act, the Stark Law, Medicare and Medicaid fraud and abuse laws and regulations, HIPAA compliance, state breach notification requirements, and other health care regulatory matters. Read his full rc.com bio here.