We all know the benefits of interoperability and that easier access to clinical information is critical to patient care. Unfortunately, just knowing the benefits doesn’t always drive the need to change, or at least not as quickly as some would like to see change.

The government uses two ways to drive change: incentives and penalties, or what we often hear referred to as “carrots and sticks”.

Fun Fact: The earliest English-language references to the “carrot and stick” came from authors in the mid-1800s who wrote in reference to a “caricature” of the time depicting a race between donkey riders, with the losing jockey using the strategy of beating his steed with “blackthorn twigs” to urge it forward, while the winner of the race sits in his saddle relaxing and holding the end of his stick baited with a carrot.1

I’m not a big subscriber to a fear-based model when so many are already working tirelessly to solve this problem. But let me take a step back and provide an analogy to help understand the reason for it. Imagine you’re driving down the road and see a sign that says “$2500 fine for littering”. Most of us are not concerned about the sign’s warning choosing not to litter because we love clean communities and clean streets, rather than fear of a penalty. But unfortunately, those things often must be put in place for the very small community that’s not looking to assist in those efforts. So, I will review this topic through that lens.

The Carrot: Incentives to Move to Electronic Health Records

The Meaningful Use program, introduced as part of the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, aimed to promote the widespread adoption of Electronic Health Records systems (EHRs), ultimately creating an infrastructure that improves the quality, safety, and efficiency of patient care in the United States.

Confusion around interoperability led to a series of congressional hearing where patients, providers, EHR vendors, and others testified to Congress because huge volumes of incentive dollars (the carrot)—to the tune of $36 billion—were dished out without driving the full extent of the change that was desired. As a result, the 21st Century Cures Act, which had broad bi-partisan support, was signed into law in 2016 by President Obama. In this law, Congress defines the importance of interoperability and lays out a path for the establishment of interoperable exchange of Electronic Health Information (EHI), and also introduced the concept of information blocking (a really big stick).

In a recent blog, Administrator Seema Verma states, “…it’s not acceptable that our health information capabilities remain mired in the Stone Age. In 2020, faxes should not be the primary means of records transfer.”

Since 2016 there has been a flurry of complex and intertwined federal regulatory proposals on the interoperability of Health Information Technology (Health IT). Earlier this year, before the rise of the pandemic, the Office of the National Coordinator for Health Information Technology (ONC) took things to a new level and published their final rule, Interoperability, Information Blocking, and the ONC Health IT Certification Program. This rule—along with a related rule from the Centers for Medicare and Medicaid Services (CMS)—implements called for changes from Cures, and is a huge sign from the federal government that they are moving away from carrots and onto sticks.

The Stick: Penalties for Information Blocking

While many healthcare providers did not qualify for the incentives to move to electronic exchange, the information blocking penalties broadly apply to ALL. While HHS has pushed back the compliance date to April 2021 due to COVID, it’s still coming, and it is a big stick…to the tune of $1M penalty per “violation” (pending rule from OIG will define “violations”).

So, what is information blocking? According to Cures, information blocking applies to Practices that prevent or materially discourage the access, exchange or use of EHI; and for which the Actor knows, or [for some actors] should know, are likely to interfere with EHI access, exchange or use.

It’s a doozy of a definition, one that I think will keep lawyers busy for a long time to come, because a practice that constitutes information blocking doesn’t actually have to prevent exchange, it could just discourage it while still allowing it to happen; and the actor knows their actions are likely to interfere.

Cures Actors are defined by the ONC regulation:


  • Health care providers – extremely broad definition
  • Health IT Developers of Certified Health IT – focus is on those with certified Health IT products, even if the same Developer also has additional products that are uncertified
  • Health Information Network (HIN) or Health Information Exchange (HIE) – combined into one category in the Final Rule and is a functional definition that focuses on what the entity does rather than how it is structured

Information blocking Practices include both an affirmative act or a failure to act and may include:


  • Restricting authorized access, exchange or use of EHI
  • Implementing HIT in nonstandard ways
  • Implementing HIT in ways that are likely to:
    • Restrict access, exchange or use of EHI, including for exporting complete information sets or transitioning between HIT systems; or
    • Lead to fraud, waste, or abuse, or impeded innovations and advancements in access, exchange and use

Health and Human Services (HHS) Office of Inspector General (OIG) has previously put out a proposed rule for how they are going to be handling violations for two of the Actor categories, that being Health IT Developers of Certified Health IT and Health Information Network (HIN) or Health Information Exchange (HIE).

Many of our Kno2 partners fall into the category of Health IT Developers of Certified Health IT, and it’s important to call out that the category is NOT the certified product, rather it is the developer of the product. If you are a developer and have multiple products, even if not all of your products are independently certified, you are still a Developer of Certified Health IT if at least one product is Certified.

Healthcare providers are defined as anyone who is participating in the care of a patient, regardless of their credentials. Penalties for healthcare providers have even more questions marks because there has been no proposed rule outlining what it may look like. This will likely involve disincentives tied to Medicare reimbursement or other disincentives from CMS.

Regardless, the word “violation” is an interesting one because it is possible that a single practice could constitute multiple violations if it affects multiple outside organizations and/or patients. There is a whole lot there that we won’t fully know until we see the final rule from OIG. Even then, we’ll need to see how the first claims of information blocking are handled to know the legal precedent.

Planning is Essential

  • What category of Actor are you? Some organizations may meet the definition of multiple Actor types.
  • What forms of interoperable exchange does your organization support?  If you don’t have support natively in your EHR, do you partner with a group like Kno2 for access to multiple forms of exchange through a single connection?
  • Do you have BAAs or other agreements that restrict sharing information, or require discriminatory sharing?
  • Do you have a formal compliance plan for when and how you share information, and when and why you do not share?
  • Understand the Exceptions to Information Blocking that may apply to you when you cannot share

Forget about Carrots and Sticks

As we reflect on 2020 and the impact of the global pandemic has had on society, one cannot help but wonder how much better off we would have been if we could have gotten all the information where it was needed when it was needed. Certainly, we can “would’ve, could’ve, should’ve” ourselves to death, or we can recognize the positive things taking place because of this year. While 2020 may have shown a spotlight on the lack of interoperability, it also created focus, spurred innovation and triggered a new sense of urgency.

So, now that I just told you about them, I want you to forget about the carrots and the sticks.

It would be irresponsible of me to insinuate that you should ignore the information blocking and patient access rules. I’m simply trying to make a point that penalties shouldn’t matter when it comes to making patient health information accessible; just like a $2500 fine doesn’t prevent many of us from littering. It’s just the right thing to do.

If you are already doing the right things for the right reasons, then you shouldn’t have to worry about the penalties that are created for those who aren’t doing the right things.

At the end of the day, we are stewards of patient information and are responsible for patient safety. We want the right information in the right place at the right time and make it actionable for providers and their patients. If you distill it down, that is what we are all striving for, regardless of the rules and regulations, incentives or penalties, carrots and sticks. Let’s just make interoperability happen everywhere. Together.


Read more about Information Blocking: Information Blocking: For Every Rule There is an Exception – Kno2


1 Carrot and stick – Wikipedia