
Why Information Blocking Is Now an AI Governance Rule
For most of its early life, the ONC information blocking rule under the 21st Century Cures Act was treated primarily as an EHR interoperability compliance problem — a concern for health IT developers managing API access and for providers navigating patient data requests. That framing changed materially in early 2026.
In February 2026, the Assistant Secretary for Technology Policy and Office of the National Coordinator for Health Information Technology (ASTP/ONC) issued letters of nonconformity to EHR developers — the first formal enforcement actions signaling that the agency had moved from education and guidance into active accountability. That shift, combined with the December 2025 HTI-5 proposed rule and a December 2025 ONC FAQ explicitly naming agentic AI systems as actors within the information blocking conduct framework, transforms the rule from a background compliance obligation into a live AI governance imperative.
The central claim of this analysis is straightforward but consequential: the ONC information blocking framework is now the dominant federal mechanism governing AI data access in healthcare — not FDA Software as a Medical Device (SaMD) rules, which govern device safety, and not HIPAA, which governs privacy. For any AI system that retrieves, processes, or acts on electronic health information, information blocking conduct rules apply regardless of whether the system is human-initiated or autonomous.
The Information Blocking Framework: Actors, EHI Scope, and Penalties
The information blocking prohibition in the 21st Century Cures Act (42 U.S.C. § 300jj-52) applies to three categories of regulated actors: certified health IT developers, health information exchanges and health information networks (HIEs/HINs), and healthcare providers. Each category faces different penalty structures, which matters significantly for how AI governance obligations are distributed across the ecosystem.
The scope of protected information is electronic health information (EHI) — defined broadly to encompass all electronic protected health information to the extent it would be included in a designated record set under HIPAA, without the HIPAA minimum necessary standard applying. For AI systems, this breadth is significant: training data derived from EHI, inference inputs drawn from patient records, and outputs that reference patient data can all fall within EHI scope depending on how the system is structured.
| Actor Category | Penalty Authority | Maximum Penalty | Penalty Mechanism |
|---|---|---|---|
| Certified health IT developers | OIG civil monetary penalties | Up to $1 million per violation | OIG investigation and CMP determination |
| HIEs and HINs | OIG civil monetary penalties | Up to $1 million per violation | OIG investigation and CMP determination |
| Healthcare providers | CMS Medicare disincentives | Varies; tied to Medicare payment adjustments | CMS determination following OIG referral |
The rule defines information blocking as a practice that is likely to interfere with, prevent, or materially discourage access, exchange, or use of EHI — unless the practice falls within one of eight defined exceptions. Those exceptions cover activities including privacy protections, security risk management, preventing harm, promoting care quality, content and manner of data provision, fees, and licensing. Each exception has specific conditions that must be satisfied; meeting the general purpose of an exception is not sufficient.
For AI developers and health systems, the exceptions most frequently at issue are the Manner Exception (governing how data is provided, not whether it is provided), the Fees Exception (governing when fees for data access are permissible), and the Infeasibility Exception (covering genuine technical or legal barriers). The HTI-5 proposed rule's removal of the TEFCA Manner Exception — discussed below — eliminates a safe harbor that AI platform vendors had used to justify selective data formatting and access restrictions.
HTI-1 and the First Federal AI Transparency Requirements
The Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing rule — HTI-1 — became effective in January 2024, with its algorithm transparency provisions taking effect on January 1, 2025. HTI-1 made ONC the first federal agency to impose AI-specific transparency requirements in healthcare, doing so through the ONC Health IT Certification Program rather than through the information blocking conduct framework directly.
HTI-1 introduced the concept of a predictive decision support intervention (predictive DSI) — defined as a decision support intervention that uses AI or ML to derive its recommendations, risk scores, or predictions. For certified health IT products incorporating predictive DSIs, developers were required to make source attributes publicly available in a standardized format, functioning as a machine-readable model card.
The source attribute framework required disclosure across 31 specific data points organized into nine categories. The categories addressed the intended scope of use, the data inputs and training data characteristics, the performance metrics and validation approach, known limitations and failure modes, the developer's risk management processes, and the clinical and operational context in which the intervention was designed to function.
- Intended use and clinical context: what the predictive DSI is designed to do, for which patient populations, and in which care settings.
- Data inputs and training data: the type, source, and demographic characteristics of data used to train and validate the model.
- Performance and validation: reported performance metrics, validation methodology, and external validation status.
- Known limitations: identified failure modes, performance gaps across subpopulations, and conditions under which the model may not perform as intended.
- Risk management: the developer's process for ongoing monitoring, model updates, and incident response.
- Transparency and explainability: how the model's outputs are communicated to clinical users and what level of interpretability is provided.
These requirements were organized under the FAVES principles framework — Fairness, Appropriateness, Validity, Effectiveness, and Safety — which ONC articulated as the evaluative criteria against which predictive DSI performance should be assessed. FAVES was not a checklist but a conceptual anchor for the disclosure obligations, intended to help clinical users evaluate whether a given AI tool was appropriate for their patient population and clinical context.
The practical significance of HTI-1 was that it established a federal disclosure floor for AI in certified health IT — for the first time requiring developers to publicly document what their AI systems were trained on, how they performed across demographic groups, and what their known limitations were. Whether those disclosures were consistently complete or clinically useful was a separate question, but the framework existed.
Where Information Blocking and AI Intersect: Data Access, Training Pipelines, and Agentic Workflows
The information blocking conduct framework does not distinguish between human-initiated and automated EHI access. This design feature — which predates the AI-specific provisions in HTI-5 — creates three distinct intersection points where AI systems can implicate information blocking prohibitions.
The first intersection is AI training data access. When a health IT developer, HIE, or provider restricts access to EHI that would otherwise be accessible — for example, by refusing to provide data through a FHIR API, by imposing technical barriers to bulk data export, or by selectively excluding certain record types from data feeds — that restriction can constitute information blocking if it lacks a valid exception. The fact that the requesting party intends to use the data for model training rather than direct patient care does not automatically bring the restriction within an exception. The intended use of the data is relevant to exception analysis but does not create a categorical exemption for training data requests.
The second intersection involves automated clinical decision support pipelines. Many AI-enabled clinical tools operate by continuously querying EHR systems for patient data, running inference, and returning outputs to clinicians. If an EHR developer or HIE imposes technical restrictions that prevent or degrade these automated queries — for example, by rate-limiting API calls in ways that disproportionately affect AI applications, or by requiring manual authorization for each automated data pull — those restrictions can implicate information blocking if they lack exception coverage.
The third and most novel intersection is agentic AI workflows. Agentic AI systems are those that can initiate actions, retrieve data, and complete multi-step tasks autonomously — without direct human initiation of each step. An agentic AI operating in a clinical context might independently query a patient's medication history, retrieve relevant lab values, cross-reference clinical guidelines, and generate a care recommendation, all within a single workflow triggered by an initial user prompt. If any actor in the data chain interferes with the agentic system's ability to access EHI it would otherwise be entitled to retrieve, that interference can constitute information blocking.

HTI-5 Proposed Rule: A Deregulatory Paradox for AI
The Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability rule — HTI-5 — was published as a proposed rule on December 29, 2025. It presents a regulatory paradox that has significant implications for AI governance in healthcare: it simultaneously proposes to reduce prescriptive AI transparency obligations under the ONC certification program while expanding the conduct-based reach of information blocking rules to explicitly cover autonomous AI systems.
On the deregulatory side, HTI-5 proposes to remove from the ONC certification program all of the predictive DSI requirements established by HTI-1 — including the source attribute disclosures, the model card publication obligations, and the risk management process requirements. The stated rationale is burden reduction for health IT developers. In practical terms, if finalized as proposed, certified EHR products would no longer be required to publicly document the training data, performance metrics, known limitations, or demographic performance gaps of their embedded AI tools as a condition of certification.
On the conduct-expansion side, HTI-5 proposes for the first time to explicitly include autonomous AI systems and robotic process automation within the definitions of access and use in the information blocking regulation. This means that interfering with an autonomous AI system's ability to retrieve or act on EHI would be expressly covered by the information blocking prohibition — not merely implied by the framework's existing language, but explicitly stated in the regulatory text.
| Dimension | HTI-1 (Final, January 2025) | HTI-5 (Proposed, December 2025) |
|---|---|---|
| Predictive DSI source attributes | 31 attributes across 9 categories required for certified health IT | Proposed for removal from certification requirements |
| Model card / public disclosure | Required for certified products incorporating predictive DSIs | Proposed for removal from certification requirements |
| Risk management process requirements | Required for certified health IT developers | Proposed for removal from certification requirements |
| Agentic AI coverage in information blocking | Not explicitly addressed | Proposed to explicitly include autonomous AI and RPA in access/use definitions |
| TEFCA Manner Exception | Available as a safe harbor for data access restrictions | Proposed for removal |
| FAVES principles | Codified as evaluative framework for predictive DSIs | Would no longer apply under certification program if removed |
HTI-5 also proposes to remove the TEFCA Manner Exception from the information blocking exceptions framework. The TEFCA Manner Exception had provided a safe harbor for actors who restricted data access in ways consistent with Trusted Exchange Framework and Common Agreement participation requirements. AI platform vendors and data intermediaries had used this exception to justify selective data formatting, access tiering, and API restrictions. Its removal, if finalized, would eliminate a commonly relied-upon compliance pathway.
The paradox embedded in HTI-5 is not incidental. It reflects a broader regulatory philosophy shift: away from prescriptive certification-based transparency requirements that apply only to ONC-certified products, and toward conduct-based accountability that applies to all actors handling EHI — including AI systems operating outside the certification program entirely. Whether that shift produces better AI governance outcomes depends heavily on how OIG operationalizes enforcement against agentic AI conduct, a question that remains open.
The December 2025 ONC FAQ on Agentic AI (IB.FAQ54.2025DEC)
On December 19, 2025, ONC published a FAQ clarification — designated IB.FAQ54.2025DEC — confirming that interfering with agentic artificial intelligence access to electronic health information can implicate the information blocking prohibition. This clarification is significant independent of HTI-5's proposed rulemaking because it represents ONC's interpretive position on existing law, not a proposed change.
In the FAQ's regulatory framing, agentic artificial intelligence refers to AI systems capable of autonomously initiating multi-step actions — including data retrieval, processing, and task completion — without requiring a human to directly authorize each individual step. The FAQ clarifies that an actor who interferes with such a system's ability to access EHI that would otherwise be accessible is potentially engaging in information blocking conduct, regardless of whether the interference is directed at the AI system specifically or at the underlying data access mechanism the AI system uses.
For actors whose systems interact with agentic AI data requests, the FAQ's practical implication is that technical or policy-based restrictions on automated EHI access warrant the same exception analysis as restrictions on human-initiated access. An actor cannot avoid information blocking liability simply by characterizing a restriction as a technical safeguard against automated queries if that restriction lacks valid exception coverage.
The FAQ also has implications for how health IT developers design their API access controls. Rate limits, authentication requirements, and data scope restrictions that are applied specifically to agentic AI systems — rather than to all API consumers equally — carry heightened information blocking risk if they are not grounded in a valid exception such as the Security Exception or the Preventing Harm Exception.
Active Enforcement in 2026: From Guidance to Accountability
The February 2026 ASTP/ONC letters of nonconformity to EHR developers mark the clearest signal yet that the information blocking enforcement posture has shifted from education to accountability. Letters of nonconformity are formal findings that a certified health IT developer's product or practices do not conform to ONC certification requirements — a step that precedes potential referral to OIG and that carries reputational and contractual consequences independent of formal penalties.
As of June 2026, specific penalty outcomes and named-party enforcement actions beyond the letters of nonconformity are not public. The enforcement apparatus is active but early-stage, and readers should not assume that formal OIG civil monetary penalties have been levied against specific parties based on currently available public information.
OIG's information blocking investigation priority framework focuses on several factors: the severity of the interference with EHI access, the number of patients or clinicians affected, whether the conduct was intentional or the result of a pattern of neglect, and whether the actor cooperated with ONC's initial review. For AI-related conduct, the scale factor is particularly significant — an AI system that processes EHI at population scale means that a single information blocking practice can affect thousands of patients simultaneously.
- Severity of EHI access interference: practices that completely prevent access carry greater enforcement priority than those that merely delay or degrade it.
- Scale of impact: the number of patients, clinicians, or downstream applications affected by the restricting practice.
- Intentionality: evidence that the actor deliberately designed a restriction to impede access, as opposed to an inadvertent technical barrier.
- Pattern of conduct: whether the information blocking practice is isolated or reflects a systemic approach to restricting data access.
- Cooperation: whether the actor engaged constructively with ONC's nonconformity review process or resisted it.
For provider actors, CMS Medicare disincentives function differently from OIG civil monetary penalties. Rather than a per-violation fine, providers found to have engaged in information blocking face adjustments to their Medicare payment rates — a mechanism that creates significant financial exposure for health systems operating at scale but that is administered through a separate CMS process following an OIG referral.
Implications for Key Stakeholders
The combined effect of HTI-1's legacy, HTI-5's proposed changes, the December 2025 FAQ, and the February 2026 enforcement shift produces different practical obligations for each major actor category in the healthcare AI ecosystem.
| Stakeholder | Primary Exposure | Key Implication | Action Priority |
|---|---|---|---|
| Certified EHR developers | OIG CMPs up to $1M per violation; letters of nonconformity | Certification compliance no longer proxies for AI governance compliance — HTI-5's removal of model card requirements does not eliminate conduct-based information blocking obligations for AI data access | Audit API access controls and AI pipeline data flows for information blocking compliance independent of certification status |
| Health system AI teams | Provider CMS Medicare disincentives; internal liability for AI pipeline design | Internal AI pipelines and agentic workflow deployments face conduct-based scrutiny — the health system as a provider actor can be found to have engaged in information blocking through its own AI system design choices | Review agentic AI workflow designs for EHI access patterns that could constitute information blocking; ensure exception coverage for any restrictions |
| AI vendors and third-party app developers | OIG CMPs if classified as health IT developers; contractual and reputational risk | API access restrictions and selective data gating face heightened enforcement risk — the IB.FAQ54.2025DEC clarification applies directly to vendor products that interface with EHI | Assess whether product access restriction practices qualify for valid information blocking exceptions; do not rely on TEFCA Manner Exception as a safe harbor if HTI-5 is finalized |
| HIEs and HINs | OIG CMPs up to $1M per violation as named actor category | Obligations as information blocking actors apply when intermediating AI data flows — an HIE that selectively routes or restricts EHI for AI applications faces the same conduct-based analysis as one restricting human-initiated access | Review data intermediation practices for AI-directed queries; document exception basis for any access restrictions applied to automated or agentic requestors |
The most significant cross-cutting implication is the shift from prescriptive certification compliance to conduct-based accountability. Under HTI-1, a certified EHR developer that disclosed its predictive DSI source attributes could point to that disclosure as evidence of AI governance compliance. If HTI-5 removes those certification requirements as proposed, that compliance proxy disappears — but the conduct-based information blocking obligations that govern how AI systems access EHI remain fully in force and are, if anything, expanding.
This means that health systems and AI developers cannot substitute ONC certification status for a genuine analysis of whether their AI data access practices comply with information blocking conduct rules. The two frameworks address different things: certification governs product features and transparency disclosures; information blocking governs conduct in the market. Both apply, and neither substitutes for the other.
Open Questions and Future Rulemaking
As of Q2 2026, several consequential questions about the ONC information blocking framework's application to AI remain genuinely unresolved. These are not rhetorical uncertainties — they represent substantive gaps in regulatory clarity that affect compliance planning for health IT developers, health systems, and AI vendors.
- HTI-5 finalization timeline and scope: ONC has not specified a finalization timeline for HTI-5 as of this writing. The Trump administration's deregulatory posture may accelerate finalization of the certification burden-reduction provisions, but the agentic AI conduct definitions and TEFCA Manner Exception removal may face different industry comment dynamics. Which provisions survive final rulemaking — and in what form — will substantially affect compliance obligations.
- OIG enforcement against agentic AI conduct: How OIG will operationalize investigations involving autonomous AI systems is not yet established through enforcement precedent. The agency's priority factors were designed primarily with human-initiated information blocking in mind; applying them to AI systems operating at scale and speed raises methodological questions about how to assess intentionality, scope, and causation.
- Deregulatory offset question: Whether the removal of HTI-1 model card certification requirements will be offset by stronger conduct-based enforcement — producing equivalent or greater AI accountability through a different mechanism — is a genuine empirical question that will only be answerable through enforcement outcomes over the next several years.
- Anticipated HTI-6 rulemaking: ASTP/ONC has signaled a potential HTI-6 rulemaking that may address wearables and patient-generated health data — categories increasingly relevant to AI training pipelines and remote monitoring applications. As of June 2026, no proposed rule has been published, and any mention of HTI-6 scope should be treated as anticipated future rulemaking, not current regulatory obligation.
- Scope of 'agentic AI' in enforcement practice: The IB.FAQ54.2025DEC clarification and HTI-5's proposed definitions use the term 'agentic artificial intelligence' without establishing a precise technical boundary. As AI systems become more capable of autonomous action, the distinction between a highly automated workflow and a genuinely agentic system will matter for enforcement analysis — and that distinction has not yet been drawn in regulatory text.
The regulatory arc from the 21st Century Cures Act through HTI-1, the December 2025 FAQ, and HTI-5's proposed rulemaking reflects a federal posture in which AI data access is increasingly treated as a conduct governance problem — one that cannot be resolved through product certification alone. Health systems, AI developers, and health IT vendors that understand this shift early will be better positioned to design AI data pipelines and agentic workflows that are defensible under both the current framework and whatever emerges from HTI-5 finalization.