On September 3, 2025, the U.S. Department of Health and Human Services (HHS) announced that HHS would increase resources to enforce the information blocking prohibition under the 21st Century Cures Act. Generally, the information blocking prohibition applies to certified health IT developers (e.g., electronic health records), offerors of certified health IT, health information networks and health information exchanges, and healthcare providers (collectively, “Actors”). Information blocking amounts to a practice by these Actors that interferes with authorized access, exchange, or use of electronic health information, unless the practice is required by law, or an exception applies. Certified health IT developers, entities offering certified health IT, health information exchanges, and health information networks are subject up to $1 million penalty per information blocking violation. Providers that are found to have committed information blocking are subject to disincentives that include not being a meaningful user under the Medicare Promoting Interoperability Program and under the Quality Payment Program in the applicable calendar year or may be deemed ineligible to participate in a Medicare Shared Savings Program for at least one year, as applicable. These disincentives can result in significant negative financial implications for such healthcare providers.

As expected, the Office of the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health IT (ASTP/ONC) and HHS Office of Inspector General (OIG) will play leading roles in this initiative. According to HHS’s announcement, Acting Inspector General Juliet T. Hodgkins said, “HHS-OIG will deploy all available authorities to investigate and hold violators accountable.” Tom Keane, MD, Assistant Secretary for Technology Policy and National Coordinator for Health Information Technology, stated that ASTP/ONC has “already begun reviewing reports of information blocking against developers of certified health IT under the ONC Health IT Certification Program and [is] providing technical assistance to … colleagues at OIG for investigations.”

HHS encouraged patients, providers, payers, local health departments, and health IT companies to report alleged information blocking through ASTP/ONC’s Report Information Blocking Portal. In ASTP/ONC’s FAQs related to submitting an information blocking claim, ASTP/ONC clarifies that “Anyone, individually or as a group, can have a third party of their choosing submit a claim of possible information blocking to HHS on their behalf.” According to ASTP/ONC, between April 5, 2021 through August 31, 2025, there were 1,336 possible claims of information blocking that were submitted through the ASTP/ONC Information Blocking Portal.

Last week, on September 4, 2025, HHS held a meeting titled, “Un-Blocking Health Information Bootcamp,” for health IT innovators whose products need to interact with technology of developers of certified health IT, including a focus on patient access to electronic health information.

This is on the heels of CMS’s announcement last month of its creation of the Health Tech Ecosystem for improving access to patient data and the September 3, 2025, House Energy & Commerce Health Subcommittee hearing on “Examining Opportunities to Advance American Health Care through the Use of Artificial Intelligence Technologies” that also emphasized the need for interoperability and access to data.

Meanwhile, state courts have started to weigh in on information blocking enforcement as the premise for state law violation claims, including unfair competition claims. Additionally, states such as Tennessee (Tenn. Code Ann. § 47-25-113), have started incorporating information blocking prohibitions under state laws.

Takeaways

• The Trump administration, HHS-OIG, and ASTP/ONC appear focused and geared to enforce against information blocking as a means to advance interoperability and innovative technology in general.
• Information blocking is being enforced through various state laws.
• Actors should ensure they are in compliance with the information blocking regulations, including updating their privacy policies and procedures and ensuring requests for electronic health information are promptly addressed in compliance with federal and state laws.
• Service and licensing agreements related to data access should be reviewed, including for overburdensome interoperability and data exchange requirements, related representations and warranties, and termination provisions that would undermine their information blocking defenses or enforcement strategies, as may be applicable and necessary.

For more information, please contact Wilson Sonsini attorneys Jodi Daniel and Lidia Niecko-Najjum, or any member of Wilson Sonsini’s Digital Health practice.