Frequently Asked Questions
Yes, any individual or entity that meets the definition of at least one category of actor—“health care provider,” “health IT developer of certified health IT,” or “health information network or health information exchange” —as defined in 45 CFR 171.102 is subject to the information blocking regulations in 45 CFR part 171. The information blocking regulations in 45 CFR part 171 apply to a health care provider, as defined in the Public Health Service Act and incorporated in 45 CFR 171.102, regardless of whether any of the health IT the provider uses is certified under the ONC Health IT Certification Program.
Yes, any individual or entity that meets the definition of at least one category of actor —“health care provider,” “health IT developer of certified health IT,” or “health information network or health information exchange” — as defined in 45 CFR 171.102 is subject to the information blocking regulation in 45 CFR part 171. The information blocking regulations in 45 CFR part 171 apply to an entity that meets the HIN or HIE definition regardless of whether any of the health IT the HIN or HIE uses is certified under the ONC Health IT Certification Program.
The definition of “health information network (HIN) or health information exchange (HIE)” in 45 CFR 171.102 is a single, functional definition. We did not specifically exclude any particular entities from the definition, nor did we specifically identify particular entities in the definition. In order to determine whether your organization is a HIN/HIE for information blocking purposes, you should assess whether your organization’s functional activity meets the HIN/HIE definition in 45 CFR 171.102. The Information Blocking Actors fact sheet on HealthIT.gov presents the actor definitions in an easy-to-use format.
The answer depends on whether your company or organization meets the definition of “health IT developer of certified health IT” in 45 CFR 171.102. Under the definition, an individual or entity that develops or offers health IT is a “health IT developer of certified health IT” so long as that individual or entity develops or offers at least one Health IT Module certified under the ONC Health IT Certification Program. However, the definition explicitly excludes a health care provider that self-develops Health IT that is not offered to others. The Information Blocking Actors fact sheet on HealthIT.gov presents the actor definitions in an easy-to-use format.
Updated:
This FAQ has been updated to reflect the effective date of the HTI-1 Final Rule.
Yes. For purposes of the information blocking regulation, a “health IT developer of certified health IT” is defined in 45 CFR 171.102. With the sole exception of a health care provider that self-develops certified health IT that is not offered to others, this definition is met by any individual or entity that develops or offers health IT certified under the ONC Health IT Certification Program. If an individual or entity offers certified health IT for any period of time on or after the applicability date of 45 CFR part 171, then they would be considered to be a “health IT developer of certified health IT” for purposes of their conduct during that time. The information blocking provision would not apply to conduct the individual or entity engaged in after they no longer have or no longer offer any certified health IT. However, claims of information blocking with respect to conduct occurring while the individual or entity had certified health IT could be acted upon by HHS after the individual or entity no longer had or offered certified health IT. (See also ONC Cures Act Final Rule page 85 FR 25797).
Updated:
This FAQ has been updated to reflect the effective date of the HTI-1 Final Rule.
For purposes of the information blocking regulation in 45 CFR part 171, the term "actor" includes health care providers, health IT developers of certified health IT, and health information networks (HIN) or health information exchanges (HIE), as defined in 45 CFR 171.102. Although health plans and other payers are not specifically identified within any of these definitions, they also are not specifically excluded. To the extent an individual or entity that is a payer also meets the 45 CFR 171.102 definition of "health care provider," "health IT developer of certified health IT" or "health information network or health information exchange," that individual or entity would be considered an "actor" for purposes of information blocking. In addition, the HIN/HIE definition is a functional definition and should be reviewed for potential applicability to a health plan’s activities. The Information Blocking Actors fact sheet on HealthIT.gov presents these definitions in an easy-to-use format. (See also Cures Act Final Rule page 85 FR 25803)
In some instances, a business associate will be an actor under the information blocking regulation in 45 CFR part 171 and in other situations, it may not be an actor. The information blocking regulations in 45 CFR part 171 apply to health care providers, health IT developers of certified health IT, and health information networks (HIN) and health information exchanges (HIE), as each is defined in 45 CFR 171.102. Any individual or entity that meets one of these definitions is an “actor” and subject to the information blocking regulation in 45 CFR part 171, regardless of whether they are also a HIPAA covered entity (CE) or business associate (BA).
Anyone who believes they may have experienced or observed information blocking by any health care provider, health IT developer of certified health IT, or health information network or health information exchange is encouraged to share their concerns with us through the Information Blocking Portal on ONC’s website, HealthIT.gov.
Please see the other questions under this heading for more information about reporting claims of potential information blocking. For more information about applicability dates and enforcement dates for the information blocking regulations, please review the question(s) under the “Enforcement” heading.
Updated:
This FAQ has been updated to reflect that we have passed the applicability date (4/5/2021) for the information blocking regulations, and to simplify the internal reference in the final paragraph.
The Cures Act, passed by Congress in 2016, directs ONC to implement a standardized process for the public to report claims of potential information blocking, and gives the HHS Office of Inspector General (OIG) the responsibility of investigating any claim of potential information blocking. Once received, ONC will confirm receipt with the submitter and the report is automatically assigned a tracking number (e.g. IB-XXX). Depending on the facts and details included in the complaint, ONC may contact the submitter for additional information.
ONC has authority to review claims of potential information blocking against health IT developers of certified health IT that may constitute a non-conformity under the ONC Health IT Certification Program. Separately, OIG has authority to investigate claims of potential information blocking across all types of actors: health care providers, health information networks and health information exchanges, and health IT developers of certified health IT. Therefore, upon receiving a claim of potential information blocking, ONC shares the claim with OIG. ONC makes every effort to share these claims of information blocking within two business days of receipt. To contact OIG about a claim of potential information blocking, please use the OIG Hotline via the web at https://oig.hhs.gov/fraud/report-fraud/index.asp or by phone at 1-800-HHS-TIPS (1-800-447-8477). Please note that the OIG Hotline will not be able to respond to any inquiries about action taken in response to a complaint. For more information, please see OIG’s Hotline website: https://oig.hhs.gov/fraud/report-fraud/before-you-submit/.
For more information about applicability dates and enforcement dates for the information blocking regulations, please review the question(s) under the “Enforcement” heading.
Yes. Anyone who chooses to report their concerns through the Information Blocking Portal can choose to do so anonymously.
However, if you do submit an anonymous report, we will not be able to contact you, and you will not be able to revisit your report, to add information or clarify your concern. Therefore, it is important to ensure you include all the information that you want us to have about your concern.
In addition, as specified in the 21st Century Cures Act, please note that any information received by ONC in connection with a claim or suggestion of possible information blocking and that could reasonably be expected to facilitate identification of the source of the information would fall under protections in section 3022(d)(2) of the Public Health Service Act. These protections limit the public disclosure of the source of the information.