Skip to main content


Understanding The Information Blocking Rule

Aug 23, 2021 07:00AM ● By Med Magazine

By COPIC’s Patient Safety and Risk Management Department


Information Blocking is the term adopted by the Office of the National Coordinator for Health Information Technology (ONC) to address barriers to accessing electronically stored patient information by providers, patients, and others entitled to it. Examples include:

  • A physician cannot receive records from a facility when needed

  • An EHR cannot exchange data with an EHR from another vendor

  • A patient cannot view their test results in a timely way

The federal government has indicated a high degree of commitment to enforcing this Rule. As an indication, fines in 2019 for “delay in releasing patient records” under HIPAA averaged $85,000 per incident. While HIPAA generally took the approach of requiring processes to release information, the Information Blocking Rule requires specific justifications to withhold information. This is a major shift. Providers will need to comply with both HIPAA and the Cures Act Information Blocking Rules. The rules took effect on April 5, 2021.


The information covered by the Rule is very broad. Initially, it comprises most electronic health information (EHI—in HIPAA terms, ePHI—used interchangeably). Until October 6, 2022, this will consist of the data elements of the US Core Data for Interoperability (USCDI) v.1 standard. These are: Allergies and intolerances, Assessment and Plan, Care Team Members, Clinical Notes, Goals, Health Concerns, Immunizations, Laboratory, Medications, Patient Demographics, Problems, Procedures, Provenance, Smoking Status, Unique Device Identifiers and Vital Signs. NOT: Medical imaging studies themselves; only the reports.

After October 6, 2022, the definition of EHI becomes broader to include all:

  1. Medical records and billing records about individuals

  2. Other records used, in whole or in part, by physicians to make decisions about individuals. This probably includes medical imaging files. (If a provider or a patient would use it for medical decision making, and it’s stored electronically, it’s included.)


Health Care Providers1, Health IT Developers and Health Information Networks/Exchanges. The Rule refers to these collectively as “Actors.”


Information blocking can be any practice that interferes with access, exchange or use of EHI, unless an exception applies. For example:

  • Restricting access that is otherwise authorized or permissible by applicable law.

  • Nonstandard technology that increases the complexity or burden of access, exchange or use.

  • Disabling or restricting a technical capability to share EHI for legally permissible purposes.

  • Limiting technology in ways that make export, exchange or transitions between IT systems more difficult; including charging unreasonable fees.

Some “high risk” activities that are likely to be reported as violations include limiting or delaying:

  • Patients’ access to their own information, including lab and test results.

  • Providers’ access to information for treatment or quality improvement.

  • Payers’ access to clinical information for payment purposes.

  • Access for safety and public health purposes.


The Rule gives eight exceptions to the definition of information blocking. These are legalistic and somewhat technical. A practice should seek legal counsel if it wishes to invoke one of them. The exceptions fall into the categories of Preventing Harm, Privacy, Security, Infeasibility, IT Performance, Content and Manner, and Fees and Licensing. Those covered by the Rule would be wise to study them. If an exception is to be claimed, the “actor” should document thoroughly how they applied the relevant exception. 


The concept of “Open Notes” has been around for decades. It basically means, “The patient has the right to see their medical information.” If a practice has been following an “Open Notes” philosophy, they will probably not find much changed in terms of culture, after April 5th, 2021 (effective date of the Rule). Practices that have been more hesitant about releasing information will need to make abrupt adjustments.

However, whatever the provider’s intentions, there is a major technology component to complying with this Rule. Some EHR vendors are not prepared to deliver EHI to external recipients in a form or at a speed that will satisfy the Rule. This may be true despite the most reassuring claims. Practices should contemplate these situations:

  • Patient requests for discussions about information they have seen in their records.

  • Patient requests for changes in information they feel is erroneous or incomplete. Be sure you are familiar with the proper process for making alterations in clinical records. This is patients’ right under HIPAA. Providers also have the right to refuse to make “corrections” under certain circumstances; this situation should be discussed with qualified counsel.

  • Be sure to review the output of your EHR “portal.” Don’t take for granted that having a portal is sufficient. Some vendors misunderstand what information is required. Some EHRs impose filtering or other barriers upon what is displayed. These may become violations after April 5th.