The Data Liberation Moment: How HHS’s Crackdown on Information Blocking Will Transform Healthcare

The U.S. Department of Health and Human Services (HHS) has issued a decisive enforcement announcement that will change the digital health landscape. This crackdown on information blocking is not just another regulatory notice — it’s a turning point that will force the free flow of electronic health information (EHI), unlock the potential of AI and virtual care, and fundamentally reshape how providers, health systems, and innovators deliver care.

For healthcare leaders, compliance is no longer a back-burner issue. With financial penalties, reputational risk, and operational consequences now attached to violations, interoperability has become a strategic and clinical priority (Department of Health and Human Services [HHS], n.d.).

The End of Data Hoarding: A Decade in the Making

This enforcement action represents the final step in a journey that began with the 21st Century Cures Act in 2016, which mandated interoperability and prohibited information blocking (PMC, n.d.). Over the past several years, regulators have gradually phased in rules:

• April 2021: Initial regulations took effect, covering a limited set of data elements (HealthIT.gov, n.d.).

• October 2022: Scope expanded to include all EHI (HealthIT.gov, n.d.).

• June 2023: Civil monetary penalties finalized for health IT developers and HIEs/HINs (American Hospital Association [AHA], 2025).

• June 2024: Provider disincentives formally adopted (American Medical Association [AMA], n.d.-b).

• September 2025: HHS directs OIG and ONC to begin active enforcement — the “hammer falls” (HHS, n.d.).

This careful, phased approach shows that the crackdown is not a knee-jerk policy response but the logical conclusion of a years-long strategy to make patient data accessible, secure, and actionable.

What Healthcare Leaders Need to Know

The final rule applies to three groups: healthcare providers, health IT developers, and health information exchanges/networks (HIEs/HINs) (HealthIT.gov, n.d.). The penalties are significant:

• Health IT developers and HIEs/HINs: Civil monetary penalties of up to $1 million per violation, and possible removal from the ONC Health IT Certification Program (AHA, 2025).

• Hospitals: Loss of “meaningful EHR user” status, resulting in a 75% payment reduction in CMS updates (AMA, n.d.-b).

• Clinicians: A zero score in the MIPS Promoting Interoperability category, directly affecting reimbursement (AMA, n.d.-b).

• ACOs: Potential exclusion from the Medicare Shared Savings Program for at least one year (Baker Donelson, n.d.).

Adding to the stakes, HHS will publicly post confirmed violators on its reporting portal — essentially a “wall of shame” — listing the organization, its address, and its blocking practices (AHA, 2025). In an era where patient trust and transparency are business drivers, reputational damage could be far costlier than the financial penalties.

Interoperability as a Catalyst for AI and Virtual Care

This crackdown is the policy catalyst that healthcare AI and telehealth have been waiting for. Artificial intelligence and machine learning require large, diverse, high-quality datasets to function effectively. Historically, data silos have limited innovation and slowed adoption of digital health tools (Clearstep, n.d.).

By mandating open data exchange, HHS is:

• Unlocking AI’s potential to improve diagnostic accuracy, predict disease risk, and automate administrative tasks (McKinsey & Company, n.d.).

• Enabling holistic telehealth by giving virtual care platforms real-time access to lab results, imaging, and prior visit notes (AMA, n.d.-c).

• Leveling the playing field for startups and third-party developers who previously faced barriers to data access (Innovaccer, n.d.).

This policy does more than encourage compliance — it transforms healthcare data into a strategic asset and empowers organizations to innovate around it.

Privacy, Security, and the Shift to Zero Trust

While the crackdown prioritizes data flow, it also introduces a new cybersecurity reality. Historically, health systems have relied on a “moat and castle” strategy, keeping data locked behind firewalls (AHA, 2019). Under the new rules, that moat is effectively gone — data must flow on request unless a specific, justified exception applies (HealthIT.gov, n.d.).

Organizations must adopt zero-trust security models, encrypt data at rest and in transit, and verify every access request to prevent breaches while staying compliant (AMA, n.d.-a).

From Compliance to Competitive Advantage

Avoiding penalties is the bare minimum. Forward-looking organizations will:

• Proactively audit and modernize interoperability workflows to prevent accidental violations.

• Integrate AI and automation tools to capitalize on the influx of shareable, structured data.

• Champion a patient-centered model by making data easily available to patients and partners — a move that can differentiate them in a competitive market.

By treating interoperability as a strategic differentiator rather than a compliance burden, health systems can enhance care quality, improve outcomes, and strengthen patient loyalty.

Bottom Line: Data Blocking Is Over

The HHS crackdown is not just a rule — it is a market-shaping event. It is the moment where the promise of digital health becomes an operational reality, where AI and virtual care finally have the fuel they need to scale, and where patients move to the center of their care journey.

For the CTeL community and beyond, this is a call to action: embrace interoperability, invest in innovation, and lead the industry into this new data-driven era.

References

American Hospital Association. (2019). Lack of data sharing with digital health impedes innovation. Retrieved from https://www.aha.org/aha-center-health-innovation-market-scan/2019-06-25-lack-data-sharing-digital-health-impedes

American Hospital Association. (2025). HHS issues enforcement notice on information blocking. AHA News. Retrieved from https://www.aha.org/news/headline/2025-09-03-hhs-issues-enforcement-notice-information-blocking

American Medical Association. (n.d.-a). The Security Exception. Retrieved from https://www.ama-assn.org/system/files/2021-01/information-blocking-part-1.pdf

American Medical Association. (n.d.-b). HHS provider information blocking penalties. Retrieved from https://www.ama-assn.org/system/files/hhs-provider-info-blocking-penalties-summary.pdf

American Medical Association. (n.d.-c). Case studies of digitally enabled care in action. Retrieved from https://www.ama-assn.org/practice-management/digital-health/case-studies-digitally-enabled-care-action

Baker, Donelson, Bearman, Caldwell & Berkowitz, PC. (n.d.). Healthcare providers, beware: Finalized disincentives sharpen the teeth of information blocking rule. Retrieved from https://www.bakerlaw.com/insights/healthcare-providers-beware-finalized-disincentives-sharpen-the-teeth-of-information-blocking-rule/

Clearstep. (n.d.). How AI untangles interoperability challenges. Retrieved from https://www.clearstep.health/blog/how-ai-untangles-interoperability-challenges

Department of Health and Human Services. (n.d.). HHS announces crackdown on health data blocking. Retrieved from https://www.hhs.gov/press-room/hhs-crackdown-health-data-blocking.html

HealthIT.gov. (n.d.). Information blocking. Retrieved from https://www.healthit.gov/topic/information-blocking

Innovaccer. (n.d.). Breaking the cycle: What healthcare leaders are saying about the future of interoperability. Retrieved from https://innovaccer.com/resources/blogs/breaking-the-cycle-what-healthcare-leaders-are-saying-about-the-future-of-interoperability

McKinsey & Company. (n.d.). Tackling healthcare’s biggest burdens with generative AI. Retrieved from https://www.mckinsey.com/industries/healthcare/our-insights/tackling-healthcares-biggest-burdens-with-generative-ai

PMC. (n.d.). The 21st Century Cures Act and data sharing in the research enterprise. Retrieved from https://pmc.ncbi.nlm.nih.gov/articles/PMC6708407/