Comment period ends January 2, 2024

Earlier this year, the U.S. Department of Health and Human Services (HHS) Office of the Inspector General (OIG) published its final rule implementing the provisions of Title IV of the 21st Century Cures Act (Cures Act) which authorize OIG to investigate claims of health information blocking and impose civil monetary penalties (CMP) for violations.  Under the Cures Act, health information blocking is a practice (by act or omission) that is likely to interfere with access, exchange, or use of electronic health information, unless the practice is required by law or covered by an exception, and the individual or entity conducting such practice has the requisite intent.

The OIG rule, which went into effect September 1, 2023, applies only to individuals or entities who are health IT developers of certified health IT, health information networks, or health information exchanges, and provides for up to a $1 million penalty per violation.

Now, the Centers for Medicare and Medicaid Services (CMS) has proposed a rule aimed at health care providers found by OIG to have committed information blocking.  The CMS proposed rule, published at 88 Fed. Reg. 74,947 (Nov. 1, 2023), would implement the Cures Act provision specifying that a health care provider determined to have committed information blocking shall be referred to the appropriate agency to be subject to appropriate disincentives.

Not all health care providers subject to the information blocking regulations (see 45 C.F.R. § 171.102) are covered by CMS’ proposed rule.  For now, the disincentives CMS is proposing would apply to the following three categories of providers:

  • Hospitals and critical access hospitals (CAH) participating in the Medicare Promoting Interoperability Program (MPIP)
  • Clinicians or groups (as defined in 42 C.F.R § 414.1305) eligible to participate in the Merit-based Incentive Payment System (MIPS)
  • Accountable care organizations (ACO), ACO participants, and ACO providers/suppliers participating in, or eligible to participate in, the Medicare Shared Savings Program

Hospital and CAH participants in MPIP found by OIG to have committed information blocking would be deemed not meaningful electronic health record users for the applicable reporting period.  Hospitals would lose 75 percent of the annual market basket increase, while CAHs would see payment of reasonable costs reduced to 100 percent instead of 101 percent.  

MIPS participants would be similarly deemed not meaningful electronic health record users for the applicable reporting period.  And they would earn a zero score in the Performing Interoperability performance category, which typically accounts for one-fourth of the total qualifying score for determining positive, neutral, or negative payment adjustments for Medicare Part B-covered professional services.

Accountable care organizations (ACO), ACO participants, and ACO providers/suppliers who have committed information blocking would be removed from, or denied approval to participate in, the Medicare Shared Savings Program for at least one year.  A health care provider could also be removed from an ACO or prevented from joining an ACO.

In addition to establishing these disincentives, the proposed rule would also require the HHS National Coordinator for Health Information Technology (ONC) to post on its public website information about all actors that have been determined by OIG to have committed information blocking—those subject to OIG’s civil monetary penalties and those who will be subject to disincentives.

In the preamble to the proposed rule, CMS says to expect more rulemaking in the future that will expand the categories of health care providers subject to its information blocking disincentives and suggests that other operating divisions within HHS may promulgate rules establishing additional disincentives.

Written comments on CMS’ proposed rule are due by January 2, 2024, and may be submitted electronically or by mail.  For further information, see 88 Fed. Reg. 74,947 (Nov. 1, 2023) or visit


This publication is for general information only. It is not legal advice, and legal counsel should be contacted before any action is taken that might be influenced by this publication.

About Gunster 
Gunster, Florida’s law firm for business, provides full-service legal counsel to leading organizations and individuals from its 13 offices statewide. Established in 1925, the firm has expanded, diversified and evolved, but always with a singular focus: Florida and its clients’ stake in it. A magnet for business-savvy attorneys who embrace collaboration for the greatest advantage of clients, Gunster’s growth has not been at the expense of personalized service but because of it. The firm serves clients from its offices in Boca Raton, Fort Lauderdale, Jacksonville, Miami, Naples, Orlando, Palm Beach, Stuart, Tallahassee, Tampa Bayshore, Tampa Downtown, Vero Beach, and its headquarters in West Palm Beach. With more than 280 attorneys and consultants, and over 290 committed support staff, Gunster is ranked among the National Law Journal’s list of the 500 largest law firms and has been recognized as one of the Top 100 Diverse Law Firms by Law360. More information about its practice areas, offices and insider’s view newsletters is available at 


Find a Professional

by Name

by Practice/Office