By Debra Primeau, MA, RHIA, FAHIMA; Julie A. Pursley, MSHI, RHIA, CHDA, FAHIMA; and Lauren Riplinger, JD

April 5, 2021, looms large as the deadline for healthcare providers to comply with the provisions of the information blocking final rule.

The final rule, part of the 21st Century Cures Act, gives consumers unprecedented control over their own health information.

Using third-party apps of their choice, consumers will be able easily store, aggregate, use, and share both structured and unstructured electronic health information (EHI) at no cost. To optimize interoperability and manage information flow, providers will be required to adopt standardized application programming interfaces (APIs).

These provisions will bring us closer to the long-awaited ideal of a patient-centered ecosystem, but compliance comes with a host of technical and administrative challenges.

This AHIMA checklist includes five strategies designed to help HIM professionals build compliance infrastructure, spark inter-departmental collaboration, and create implementation templates customized to your organization.

1. Read the Rules
  • Read the ONC final rule on information blocking
  • Determine whether your organization is an “actor,” according to the rule
  • Become familiar with the Part 171 ONC Information Blocking rules and its eight exceptions
2. Establish a Governance Structure
  • Identify organizational stakeholders related to information blocking
  • Develop a multi-disciplinary compliance team
  • Conduct an assessment and/or risk analysis to determine readiness
  • Develop a project plan to address action items related to rule compliance
3. Assess Systems for Compliance and Operational Efficiencies
  • Assess patient identification and matching accuracy to ensure appropriate access to EHI via APIs
  • Review the United States Core Data for Interoperability (USCDI). Determine which EHI is not available to the patient and develop plans to address by April 5, 2021
  • Conduct a systems inventory to determine whether designated record sets are included
  • Define the organization’s designated record set and develop and implement data segmentation for sensitive EHI
  • Develop policies and procedures for unsigned or incomplete documents and lab/test results that require review before availability
4. Evaluate Compliance and System Infrastructure
  • Review business associate agreements to determine any revisions necessary to contracts, agreements, and licenses related to information blocking
  • Plan and/or implement appropriate HL7 Fast Healthcare Interoperability Resources (FHIR)-based interfaces
  • Collaborate with providers to ensure their digital contact information is available to the public to facilitate care coordination and data exchange
  • Collaborate with payers to implement and maintain a secure, standards-based (HL7 FHIR) API to exchange claims, cost, and encounter information
  • Implement a provider directory API for access to the provider
  • Evaluate other privacy and security rules such as Federal Trade Commission (FTC) Act, California Consumer Privacy Act (CCPA) and state privacy laws for compliance in conjunction with the information blocking and interoperability rules
  • Identify staff and processes for monitoring/auditing the organization’s incoming and outgoing EHI requests. These include, for example, requests for API interface and linkage from third parties, requests, and questions from patients
  • Evaluate and implement the costs and fees appropriate under the information blocking/interoperability and patient access rules
  • Review and revise consents and authorizations for compliance with information blocking/interoperability and patient access
  • Define processes to determine approval of third-party applications with API access
5. Update Policies and Procedures
  • Develop and implement policies and procedures for public reporting of providers for information blocking
  • Assess and implement policies and procedures to ensure compliance and business actions related to information blocking/interoperability
  • Develop policies and procedures to ensure providers are automatically alerted upon a patient’s ED services, admission, discharge, and transfer
  • Develop policies and procedures to address patient requests of EHI via an app
  • Review ROI policies and procedures and revise as necessary to meet the information blocking requirements
  • Develop policies and procedures for the exceptions to the information blocking rules
  • Develop an information blocking/interoperability and patient access incident management policy and procedure that includes data collection, reporting and forms
  • Review, update, and implement patient access, interoperability, API, and information blocking related patient request workflows, policies, procedure, and forms
  • Update and/or develop any applicable HR policies, procedures, documentation, and systems to provide for discipline for information blocking/interoperability compliance violations by workforce members
  • Develop policies and procedures to monitor effectiveness of information blocking/interoperability compliance
  • Develop education and training materials as well as competency tests on information blocking/interoperability
  • Develop patient education plans regarding information blocking and the risks associated with using non-certified third-party applications
To get this checklist in a printable format, click here.
Additional AHIMA Resources


Debra Primeau, MA, RHIA, FAHIMA, ( is president of Primeau Consulting Group.

Julie A. Pursley, MSHI, RHIA, CHDA, FAHIMA, ( is director, health information thought leadership, content and product development at AHIMA.

Lauren Riplinger, JD, ( is vice president, advocacy, public policy and government affairs at AHIMA.