New Rules on Patient Access and Information Blocking Proposed by ONC and CMS

The HHS’ Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Medicare and Medicaid Services (CMS) introduced new rules addressing patient access and information blocking on February 11, 2019. The new rules are intended to improve interoperability and meaningful exchange and use of health data. The rules will help to increase competition and put patients in control their health information.

One of the primary objectives is to make health data accessible through application programming interfaces (APIs). Consumers utilize various smartphone apps to pay bills and access data. It should be just as easy to access healthcare information via apps. Electronic healthcare information should be made available to patients at no cost.

The new rules require healthcare providers and health plans to employ data sharing technologies which allow the coordination of care with other healthcare providers and health plans. Any time a patient would like to see a new doctor or would like to switch to a new health plan, transfer of their health information should be easy.

The CMS rule suggests that by 2020, sharing of electronic health data and claims data with patients via an API will be required of all healthcare organizations that are working with Medicare and Medicaid. With this requirement, patients could easily change their health plans and get their claims information electronically.

The ONC rule revised its conditions of certification. Health IT developers will be required to publish APIs to allow patients to access their data with no special effort. The objective is for healthcare organizations to use standardized APIs to help access both structured and unstructured health information through mobile devices such as smartphones.

The ONC rule enforces the information blocking provisions of the 21st Century Cure Act. ONC has added 7 more exceptions to the information blocking regulation – Actions and activities that are not classified as information blocking.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

  • Practices that ensure the privacy of electronic health data
  • Practices that prevent patients from coming to harm
  • Practices that ensure the protection of electronic health data
  • Maintaining and enhancing health IT performance through user agreement
  • Failing to honor requests to access, exchange, and use electronic health data if it is not feasible under the circumstances or would involve a significant burden
  • Recouping reasonable expenses to permit the exchange, usage, and access of electronic health data
  • Licensing of technical artifacts to assist with the interoperability of electronic health data on reasonable and non-discriminatory terms

The ONC has recommended that healthcare providers discovered to be obstructing information sharing should be listed publicly to dissuade them from information blocking and suggests that financial penalties may be appropriate.

HHS Secretary Alex Azar explained that the goal of these proposed rules is to move the nation’s healthcare program a step closer to a level where patients and physicians can access the health data they need, allowing them to make smarter care and treatment decisions. These changes are necessary to develop a healthcare system which pays for value ınstead of procedures, particularly by empowering patients and consumers rights.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: