Information BlockingEdit
Information blocking refers to practices that impede the access, exchange, or use of electronic health information outside the patient’s care context. The term has become a focal point in debates over patient autonomy, health IT interoperability, and regulatory policy in the United States and beyond. Proponents of greater data portability argue that patients should own and control their health data and that technology standards and open interfaces can drive competition, lower costs, and improve care outcomes. Critics warn that incomplete sharing can jeopardize privacy, security, and patient safety, and that careless data access can expose sensitive information. In recent years, lawmakers and regulators have responded with measures intended to discourage deliberate withholding of information while preserving appropriate safeguards.
Interoperability—the ability of different information systems to exchange data in a usable form—lies at the heart of this issue. The idea is not merely about moving files from one system to another; it is about ensuring that clinicians, patients, and app developers can access timely, accurate information when it matters most. A patient who travels or changes providers benefits from a complete record, as do researchers and health systems seeking to reduce duplicate tests or coordinate care more efficiently. At the same time, there are legitimate concerns about privacy, data security, and the potential for information overload if data are made accessible without appropriate controls. These tensions shape a policy landscape in which rightfully skeptical voices argue for robust protections and light-touch or market-driven solutions where feasible.
What information blocking looks like in practice
- Refusing to provide data that is already created and stored in an electronic health record (EHR) or health information exchange (HIE) in a timely, machine-readable form.
- Imposing onerous or nonstandard formats that effectively prevent the data from being used by other systems, apps, or care teams.
- Delaying the release of data beyond what is reasonably needed for patient care or operational purposes.
- Forbidding authorized access by patients or by third-party applications that meet reasonable standards of security and privacy.
These behaviors are the kinds of practices that policymakers seek to deter with targeted rules, while carving out safe harbors for legitimate privacy, security, and safety reasons. The push and pull around information blocking also interacts with broader questions about who should control data and how fast data should move between providers, patients, and developers.
Legal and regulatory framework
- The 21st Century Cures Act set the policy goal of reducing information blocking and accelerating patient access to health information. It established the framework for regulatory action to prevent unreasonable restrictions on data sharing and to promote patient-centered data portability. Cures Act
- The Office of the National Coordinator for Health IT (ONC) issued an Information Blocking Rule to define what counts as information blocking and to specify the circumstances under which sharing may be delayed or denied. It identifies several exceptions that permit reasonable limitations on data access or exchange, including privacy and security safeguards, national laws, and certain public safety considerations. Office of the National Coordinator for Health Information Technology
- The rule emphasizes patient access as a default, with standardized, machine-readable formats and open APIs to enable developers to build interoperable tools and apps. It also requires covered entities to maintain auditable workflows and provide documentation to demonstrate compliance. APIs FHIR
- Privacy and security considerations are central to the regime. While patients have a strong interest in access, providers and vendors argue for safeguards to prevent misuse of sensitive information and to protect against data breaches. The balance between openness and protection is a continuing policy touchstone. HIPAA data security
- Enforcement can include penalties for failing to comply with the information blocking requirements, along with ongoing oversight to ensure that the rules are implemented in practice. interoperability
Stakeholders, policy debates, and perspectives
A market-oriented view emphasizes that patients should own their data and that competition among providers, EHR vendors, and app developers will improve care and lower costs. When data move more freely, innovative patient-facing tools can emerge, enabling better price transparency, smarter care decisions, and reduced duplication of tests. In this view, government mandates should set clear expectations and provide a common framework (standards, APIs, and accreditation) rather than micromanage every data exchange. Supporters point to the long-run efficiency gains from interoperable systems, as well as the potential to unlock better outcomes through data-driven decision-making. interoperability electronic health record FHIR
Detractors warn that information sharing can introduce new privacy and security vulnerabilities, especially given the sensitivity of health information. They argue that rules should be carefully tailored to avoid exposing individuals to identity theft, discrimination, or other harms. Some critics contend that a broad push for data portability could impose costly compliance burdens on small practices and rural providers, potentially diverting resources from direct patient care. The concern is that well-intentioned openness might become impractical or destabilizing if not paired with robust, enforceable protections. privacy data security
Controversies also involve how to handle sensitive information, structural incentives within the health care system, and the capacity of technology standards to scale across diverse settings. Proponents of strong sharing argue that gaps in data availability slow diagnosis and care coordination, while opponents emphasize that meaningful safeguards—such as consent models, patient control over data sharing, and secure authentication—are essential to prevent misuse. Some critics of the more expansive openness claim that it risks transforming health data into a commodity without sufficient attention to the rights and expectations of patients, though many of these concerns are addressed within the safe harbors and safeguards of the regulatory framework. patient access health information exchange
From a policy viewpoint aligned with market mechanisms, it is important to ensure that compliance costs do not become an obstacle to adoption of interoperable solutions, especially for small providers and rural health systems. The objective is not only to move data but to ensure that the data can be used safely, reliably, and profitably by third-party developers building consumer-friendly tools, while preserving patient trust. Advocates also emphasize that clear, predictable rules reduce the risk of anticompetitive behavior by dominant vendors and create room for competition based on service quality, data accuracy, and user experience. antitrust health information exchange
Some critiques of information-blocking discourse from the broader public policy debate frame the issue in terms of equity and social justice. From the perspective outlined here, those concerns are acknowledged but should not derail practical reforms that empower patients and foster innovation, provided that privacy and security safeguards are robust. Critics who attach sweeping moral or ideological agendas to data-sharing goals are typically pointed to as overstating the net harms of openness or underestimating the benefits of patient-driven access. In the practical governance of health data, the emphasis remains on patient control, clarity of standards, and proportional safeguards. privacy by design
Technology, standards, and implementation
Interoperability rests on converging standards and practical capabilities. Key components include open application programming interfaces (APIs), standardized data models, and common vocabularies so data can be interpreted consistently across systems. The Fast Healthcare Interoperability Resources (FHIR) standard, developed under the auspices of HL7, is a central element in modern information-sharing efforts, enabling app developers to access data with developer-friendly schemas and secure authorization. FHIR HL7 The success of information-blocking policy, therefore, hinges on the adoption of these standards by providers, vendors, and public programs, backed by enforcement that is consistent and predictable. interoperability
Another important dimension is patient access tools and user-centric design. When patients can retrieve their records through simple, secure channels, it becomes easier to compare care options, switch providers if necessary, and participate actively in health decisions. This is often framed as a win for consumer empowerment and market competition, not merely a regulatory obligation. patients electronic health record
Safeguards and risk management are essential to address privacy and security risks. The framework recognizes that information about health conditions, medications, and treatment history is highly sensitive. Reasonable restrictions exist, for example, when data could endanger a patient or others if disclosed, or when information is subject to ongoing privacy or security assessments. Practically, this means layered protections, strong identity verification, and robust auditing in addition to any data-sharing capabilities. privacy data security