HHS Announces Penalties for 'Information Blocking'
The U.S. Department of Health & Human Services is now enforcing penalties against hospitals and clinicians who illegally impede access to digital health information. This move is designed to break down data silos and empower patients and consumer health apps with greater data portability.
These enforcement actions stem from the 2016 21st Century Cures Act, designed to promote health data interoperability. The Office of the Inspector General (OIG) can now impose civil monetary penalties of up to $1 million per violation on health IT developers and health information networks found to be engaging in information blocking. Enforcement against these tech and data entities officially began on September 1, 2023. For healthcare providers, the penalties are structured as "disincentives." As of July 31, 2024, hospitals found to be information blocking can lose 75% of their annual market basket increase under the Medicare Promoting Interoperability Program. Clinicians in the Merit-based Incentive Payment System (MIPS) who block information will receive a zero score in the Promoting Interoperability category, which can significantly impact their Medicare payments. This regulatory pressure opens new pathways for consumer health apps to access electronic health information (EHI), fueling growth in a market that saw U.S. digital health startups raise $14.2 billion in 2025. The key technical challenge for founders is integrating this data with streams from consumer wearables; APIs for Apple Watch, Oura, Fitbit, and Garmin are often fragmented, each with unique authentication and data structures. For consumer-facing apps, data privacy compliance extends beyond HIPAA. A patchwork of state-level laws, like Washington's My Health My Data Act and the California Privacy Rights Act (CPRA), imposes strict requirements for handling non-HIPAA-covered health data. These laws often require explicit opt-in consent for collecting and sharing data gathered from wellness apps and wearables. Venture capital is flowing into startups that can leverage this new data landscape, particularly those using AI and machine learning. In 2025, AI-enabled digital health companies captured 54% of total funding, with investors backing platforms that use predictive analytics on integrated health data to offer personalized care. Mega-deals of over $100 million accounted for 42% of all funding in 2025. The push for enforcement reflects years of patient frustration, a common theme in chronic illness forums and subreddits. Patients frequently report struggling to access their own medical records or discovering their data was shared between providers without clear consent, highlighting the demand for user-centric tools that simplify health data management.
