U.S. HHS cracks down on health IT firms over information blocking
WASHINGTON, UNITED STATES — The United States Department of Health and Human Services (HHS) is stepping up enforcement against health IT companies accused of blocking the flow of electronic health information, nearly a decade after Congress banned the practice.
According to a report from Healthcare Dive, the move signals a long-awaited shift from policy to action in ensuring patient data can move freely between providers, patients, and technology developers.
Information blocking complaints trigger HHS investigations
Health IT regulators, led by the Office of the National Coordinator for Health Information Technology (ONC) and the Assistant Secretary for Technology Policy (ASTP), have begun referring complaints of information blocking to the HHS Office of Inspector General (OIG) for investigation.
“We are a quarter of the way through the 21st century, and information blocking is unacceptable,” said Dr. Thomas Keane from ASTP/ONC, during a Senate subcommittee hearing.
Since 2021, more than 1,500 complaints have been submitted through the ASTP/ONC public portal, highlighting a high volume of apparent violations.
The 21st Century Cures Act of 2016 prohibited information blocking, but enforcement faced years of delays due to ambiguous legal language. The HHS finally established penalty frameworks for health IT vendors in 2023, followed by provider regulations a year later.
In February, the ASTP/ONC began issuing notices to companies potentially violating the law.
“We work with the assumption at ASTP that everybody wants to be a good actor in the market,” Kean said.
“When we find that people are thought by their exchange partners to be information blocking, we inform them. We discuss with them what we think they’re doing incorrectly, and if it comes to it, then we issue a notice of nonconformity and we refer the case to the Office of Inspector General,” Keane added.
Information blocking penalties and healthcare compliance
Health IT developers and networks found guilty of information blocking could face steep fines of up to $1 million per violation, while providers may risk losing Medicare payments. The ASTP/ONC may also revoke health IT certifications, raising the stakes for compliance.
“I do think we need to start holding some of these companies accountable,” said Senate committee members, voicing out support for action, with Senator Roger Marshall, R-Kan.
This renewed enforcement landscape requires healthcare providers and technology vendors to deal with more difficult challenges for maintaining regulatory compliance while enabling uninterrupted data sharing.
Many organizations must assess the capability of their internal teams to meet current demands or evaluate the effectiveness of a blended onshore-offshore model, which offers better coverage and cost savings.
From an outsourcing perspective, the HHS enforcement action provides IT service providers with an opportunity to help health organizations meet their compliance standards as they are required to follow regulations. The providers can use their specialized teams with their adaptable work systems to handle enforcement threats while they protect patient data from unauthorized access.
