HHS OIG Releases Proposed Regulation on Information Blocking Civil Money Penalties

A medical professional looks at images on computer screens.

On Tuesday, April 21, 2020, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued a Proposed Regulation on Civil Money Penalties (CMPs) related to the information blocking provisions included in the Office of the National Coordinator for Health Information Technology (ONC) Interoperability Regulation.

This regulation focuses on several topics related to CMPs, but it also provides OIG the authority to investigate claims of information blocking and authorizes HHS to impose CMPs against the actors that the agency determines committed information blocking. OIG and ONC coordinated extensively on both ONC’s Final Interoperability Regulation and this proposal to ensure alignment. There is a 60-day comment period on OIG’s Proposed Regulation, with comments due to OIG on June 23, 2020.

Investigating and taking enforcement action against entities that engage in information blocking is consistent with OIG’s history of investigating serious misconduct that impacts HHS programs and beneficiaries. OIG cites information blocking as potentially posing a threat to patient safety and undermining efforts by providers, payers, and others to make the health system more efficient and effective. Overall, addressing the negative effects of information blocking is consistent with OIG’s mission to protect the integrity of HHS programs, as well as the health and welfare of program beneficiaries.

It is important to note that the actors defined in ONC’s Final Regulation are the entities included in OIG’s Regulation: health IT developers of certified health IT, health information networks, and health information exchanges. HHS has the authority to impose CMPs up to $1 million per violation on these actors. OIG’s CMP authority does not extend to health care providers—if it determines that a health care provider has committed information blocking, OIG will refer that health care provider to the appropriate agency for appropriate disincentives.

OIG is proposing to use its discretion to choose which information blocking complaints to investigate and only select cases for investigation that are consistent with its enforcement priorities. Based on its current expectations, OIG’s enforcement priorities will include conduct that:

  • Resulted in, is causing, or had the potential to cause patient harm
  • Significantly impacted a provider’s ability to care for patients
  • Was of long duration
  • Caused financial loss to Federal health care programs, or other government or private entities
  • Was performed with actual knowledge

OIG expects that these priorities will evolve as it gains more experience investigating information blocking. In addition, the agency emphasizes that information blocking as defined in the statute includes an element of intent. As a result, OIG believes that it lacks the authority to pursue information blocking CMPs against actors who it concludes did not have the requisite intent. Consequently, OIG is not planning to bring enforcement actions against actors who it determines made innocent mistakes.

The Proposed Regulation also discusses how enforcement of the information blocking CMPs will not begin until this regulation is effective. OIG is proposing that the effective date of this regulation will be 60 days from the date of publication of its Final Regulation, although it is also considering an October 1, 2020, start date of enforcement. Until that time, OIG plans to exercise enforcement discretion to impose CMPs against actors who have engaged in information blocking after the effective date of the Final Regulation, with conduct that occurs before the effective date of the Final Regulation not planned to be subject to information blocking CMPs.

According to OIG, the period between the compliance date of ONC’s Final Regulation and the proposed start of OIG’s information blocking enforcement will provide entities with time to come into compliance with ONC’s Regulation, with added certainty that practices during that period will not be subject to penalties.

The Proposed Regulation also defines “violation” as each practice that constitutes information blocking. OIG plans to use that definition to help determine the number of information blocking practices that might be penalized. To explain the intent of the proposed definition, the Proposed Regulation includes hypothetical examples of conduct that would meet the definition of information blocking.

In addition, OIG describes the factors that it must consider when imposing CMPs against an entity for committing information blocking, such as: the nature and extent of the information blocking; the harm resulting from such information blocking; and, including the number of patients affected, the number of providers affected, and the number of days the information blocking persisted. OIG is asking for comment on any additional factors it should consider in a Final Regulation for determining the amount of information blocking CMPs, as well as examples of specific conduct that should be subject to higher or lower penalty amounts.

If you have questions, or need more information, about HIMSS’s efforts to develop comments on this Proposed Regulation, please reach out to

Discover the Power of Interoperability

Help advance interoperability and standards-based health IT systems that lead to meaningful health information exchange.

Join the Interoperability & HIE Committee

Published on