By Kathryn Lucia, Sequoia Policy Analyst, Josh Mast, Director and Product Regulatory Strategist at Oracle and Information Sharing Workgroup Co-Chair, and Sam Roods, Director, Government Affairs & Policy at Datavant and Information Sharing Workgroup Co-Chair
Introduction
The information blocking regulations, established under the 21st Century Cures Act and implemented by the Office of the National Coordinator for Health Information Technology (ONC), are intended to ensure that electronic health information (EHI) can move more freely across the healthcare ecosystem. At their core, the rules prohibit actors (e.g., healthcare providers, health information technology (IT) developers of certified health IT, and health information networks) from engaging in practices that are likely to interfere with the lawful and appropriate access, exchange, or use of that information, unless a specific exception applies.
While these requirements—and the enforcement penalties behind them—have been in place for several years, they are taking on new urgency amid growing regulatory pressure and advancing enforcement activity.
Notably, in the last few years, several disputes involving alleged information blocking have been litigated in state and federal courts, including at the federal appellate level. Plaintiffs have also begun citing information blocking allegations as the basis for unfair competition claims under state law.
In addition, last September, the U.S. Department of Health and Human Services (HHS) released multiple bulletins recommitting to the enforcement effort. And, in February, Dr. Thomas Keane, National Coordinator for Health Information Technology at ONC, announced that his agency has begun issuing letters of nonconformity to health IT developers based on potential information blocking and API-related noncompliance. These letters are part of ONC’s oversight and enforcement processes under the Health IT Certification Program; while they are not penalties themselves, they can lead to corrective action plans, suspension or termination of certification, and referral to the HHS Office of the Inspector General (OIG) for civil monetary penalty proceedings.
Together, these developments are moving the industry beyond awareness and into action, as organizations focus on how to operationalize the rules in practice. Since the Information Blocking Portal launched in 2021, ONC has received more than 1,700 possible information blocking claims, including many involving health care providers.
Building on the evolving enforcement landscape, The Sequoia Project conducted an industry survey shared broadly across the health IT community via LinkedIn to understand how organizations are interpreting and operationalizing information blocking requirements. The survey was conducted with the support of The Sequoia Project’s Information Sharing Workgroup, which brings together multi-sector industry professionals to examine real-world information sharing challenges, interpret policy requirements, and develop practical resources to support implementation.
With 68 respondents, the survey captures current readiness and emerging challenges, with the goal of equipping the Information Sharing Workgroup with actionable insights on where organizations face uncertainty, what support they need, and how to advance more practical approaches to compliance.
How Closely Organizations Are Tracking the Rule
Survey responses indicate moderate to high levels of awareness, which may reflect the survey’s distribution through Sequoia members and their networks, with most organizations reporting that they are tracking information blocking closely or very closely. A smaller portion indicated they are only somewhat tracking the rule, suggesting that while the policy is broadly on the radar, engagement still varies across the ecosystem. This points to an important distinction between awareness and execution. Staying informed on regulatory developments does not necessarily translate into operational readiness. As enforcement activity increases, this gap may become more pronounced, particularly for organizations that have not yet translated awareness into concrete workflows and policies.
What Organizations Need Most Right Now
When asked what would be most helpful at this stage, respondents prioritized foundational needs over more advanced implementation support, with a clear emphasis on understanding both federal requirements, the growing complexity of state-level rules, and the operational nuances of navigating information blocking exceptions in complex, multi-actor workflows. This was followed by interest in building initial compliance efforts, such as training and program development, and then maintaining those efforts over time. Preparing for complaints and investigations ranked lower, suggesting that while enforcement is increasing, many organizations are still focused on interpreting what the rules require before fully shifting to response readiness. These responses highlight that organizations are still working to translate policy into practice, and that variability between state and federal expectations continues to present a significant challenge as they move toward more mature, operational compliance. Taken in full, organizations are not only seeking to understand foundational compliance but also need clarity on how to navigate complex scenarios where data sharing partners cite regulatory exceptions—such as technical infeasibility or manner exceptions—when fulfilling complex data requests.
When Will Enforcement Happen? Industry Expectations
Survey responses indicate that most organizations expect enforcement in the near term, with 42 percent anticipating activity within 6 to 12 months and another 22 percent expecting it within the next 6 months. Smaller groups believe enforcement may take 1 to 2 years or longer, but these views are in the minority. Overall, the findings suggest a clear industry expectation that enforcement is imminent. This forward-looking concern is creating a sense of urgency across the ecosystem, though it may not yet be fully matched by organizational preparedness. Additionally, this survey shows an industry-wide expectation that timely, meaningful enforcement is on the immediate horizon, and that practices that restrict data liquidity or create artificial barriers to interoperability are a heightened liability.
Conclusion
Organizations across the ecosystem are paying close attention to information blocking requirements and recognize that enforcement is approaching in the near term. However, awareness is outpacing operational readiness. Many are still focused on building foundational understanding, particularly as they navigate the complexity of aligning federal and state requirements, reinforcing that compliance is not just technical but requires coordinated organizational effort.
Enforcement expectations are driving urgency, but not yet full preparedness. While organizations anticipate near-term enforcement, fewer are ready to respond to complaints or investigations, creating a potential gap between expectation and execution. The industry is moving from policy awareness toward operationalization, with a growing recognition that success requires focusing on meaningful interoperability in addition to simply foundational technical compliance.
For workgroups like The Sequoia Project’s Information Sharing Workgroup and policy leaders, this presents a clear opportunity. There is a need for practical, actionable support including plain-language guidance, alignment across state and federal requirements, and implementation-focused resources. Advancing these areas will be critical to reducing compliance burdens, preventing fragmentation of data exchange, and helping organizations translate regulatory expectations into consistent, scalable practices.
As the industry continues to move from awareness to action, The Sequoia Project and its Information Sharing Workgroup offer a growing suite of practical resources to support organizations navigating information blocking. These include an Information Sharing Toolkit, which provides educational materials to support compliance with the Information Blocking Rule, as well as newer resources developed in 2025 focused on enforcement processes and penalties and tracking state-level legislative and litigation activity. Since its launch in 2019, the Information Sharing Workgroup has also produced a range of additional resources grounded in real-world experience, addressing topics such as good practices for information sharing, the operational implications of the expanded definition of EHI, and key policy considerations. Together, these resources are designed to help organizations translate policy into practice and navigate the evolving compliance landscape with greater clarity and confidence.
Who Responded: A Cross-Sector Snapshot
The survey responses reflect broad representation across the health IT ecosystem, underscoring that information blocking affects the full spectrum of entities involved in the access, exchange, and use of EHI—not just providers alone.
