Washington, D.C. — After more than four years of watching from the sidelines, federal regulators are finally moving. The U.S. Department of Health and Human Services has announced it’s actively issuing the first formal enforcement notices for “information blocking” — the practice of restricting patient access to electronic health information — and the compliance window for healthcare providers, including nursing facilities, is now officially closed.
What just happened
At a national health IT gathering last week, the HHS Assistant Secretary for Technology Policy confirmed that the agency is issuing notices of investigation to health IT developers — the first formal enforcement actions taken under the information-blocking rules established by the 21st Century Cures Act of 2016.
The announcement comes roughly five months after HHS Secretary Robert F. Kennedy Jr. directed agency resources toward active enforcement. Since the information-blocking complaint portal opened in 2021, nearly 1,600 complaints have piled up. Until now, not one had resulted in a public enforcement action. That’s changing.
What’s at stake — and who’s covered
Information blocking is broadly defined as any practice that interferes with patients’ ability to access, exchange, or use their electronic health information. The rules cover a wide range of actors: health IT developers, health information networks, and healthcare providers — including hospitals, skilled nursing facilities, and nursing homes participating in Medicare and Medicaid programs.
For health IT developers and health information networks, penalties can reach up to $1 million per violation. For providers, the consequences land differently — but they’re still painful. Nursing homes participating in value-based purchasing programs, accountable care organizations, or CMS incentive payment programs could face loss of reimbursement bonuses or exclusion from those programs entirely.
Industry reports indicate the False Claims Act also hangs over providers, particularly where blocked patient data intersects with Medicare billing obligations.
Why nursing homes need to pay attention now
For most long-term care operators, information blocking has felt like a health IT company problem. That’s not accurate, and the coming enforcement actions will make that clearer.
If a nursing facility’s EHR vendor restricts data flow and the facility benefits from it — or if the facility itself puts up technical or administrative barriers that slow or prevent patients and families from accessing records — that’s exposure. Facilities that fail to document why they denied a data request, or that rely on outdated internal policies, could find themselves flagged.
The compliance checklist is real: review data-sharing policies now, ensure EHR workflows don’t create unnecessary friction, and document any denials using one of the regulatory exceptions. This kind of growing compliance risk for skilled nursing operators isn’t theoretical anymore.
The enforcement era begins
For years, enforcement of these rules was described as imminent. Now it’s here. The first enforcement notices are expected to focus on health IT developers, but legal experts say providers should get ahead of any audit risk before the first high-profile penalties are announced.
Facilities that have treated information-blocking compliance as a vendor responsibility may want to revisit that assumption — fast.
