U.S. cracks down on health IT data blocking with new sanctions
NEVADA, UNITED STATES — The United States government is moving to penalize health information technology (IT) developers that restrict the flow of patient data, with regulators warning that noncompliant vendors could lose certification, trigger financial losses for healthcare providers, and face steep fines.
According to a report from Healthcare Dive, at the 2026 HIMSS conference, Assistant Secretary for Technology Policy and National Coordinator for Health IT Dr. Thomas Keane said the agency is issuing notices of nonconformity to developers suspected of information blocking—marking the first significant enforcement step in nearly a decade since Congress outlawed the practice.
Stricter enforcement raises stakes for providers and vendors
For hospitals, clinics and health systems, the crackdown could carry immediate operational and financial implications.
Developers found guilty of information blocking risk losing their health IT certification which serves as a mandatory requirement for federal and state program participation. If certification is revoked, providers using those systems may also lose incentive payments from the Centers for Medicare & Medicaid Services.
The policy requires providers to handle part of the compliance work and to verify that their technology partners follow federal interoperability standards. The HHS Office of Inspector General can also impose fines of up to $1 million per violation.
“What’s great about the law is it doesn’t say exactly what an instance constitutes,” Keane said. “So, in theory, the penalties could be quite large.”
Regulators say developers will have a chance to respond and implement corrective action plans before certification is withdrawn. Still, the message is clear: data silos will no longer be tolerated.
“No one — not a doctor, not a hospital, not an EHR vendor — should be able to hoard health information for their own gain,” Keane said. “It’s bad for patients, bad for innovation, and, quite frankly, bad for business.”
Outsourcing partners emerge as interoperability enablers
As enforcement intensifies, many providers are reassessing how they manage data exchange, compliance and patient access. Outsourcing partners now function as interoperability enablers instead of serving as barriers to organizations.
Outsourcing providers enable health systems to implement proper data management practices through their standardized data integration support that helps with international data sharing and needs for regulatory compliance.
This includes managing electronic health record (EHR) integrations, ensuring timely patient access to records and aligning workflows with evolving federal requirements.
The U.S. healthcare organizations that currently face difficulties with their disconnected IT systems will experience increased need for outside specialists who can help them understand both technical matters and regulatory requirements.
In this environment, vendors that prioritize transparency and seamless data sharing—and partners that help implement those capabilities—are likely to gain favor.
The crackdown serves to support a wider policy objective which requires patient data to move throughout the healthcare system with both security and efficiency while establishing accountability for developers and their tools to healthcare providers.
