HTI-5 and Information Blocking: Your Bots Are Covered, and Your Excuses Are Getting Smaller

by | Jan 2, 2026 | Health IT, HIE & HIN, Information Blocking, Nationals Networks, TEFCA

If you have been telling yourself, “Information blocking only happens when a person says ‘no’,” HTI-5 has some news for you. The proposed rule makes a pointed set of changes to the information blocking framework that, taken together, do two things at once. First, they modernize the rules for how EHI moves in 2026 (hello, automation and autonomous AI). Second, they narrow the wiggle room that has been doing far too much work in the market.

In this post, I focus only on HTI-5’s proposed information blocking changes, not the full sweep of the rule. You can read the HTI-5 Proposed Rule here: HTI-5 Proposed Rule (December 29 2025).  Comments are due by February 27, 2026, at 5:00 p.m. Eastern.  You can submit yours here.

The message in HTI-5 is straightforward: the information blocking rules have to catch up to how EHI actually moves today, including automation and AI. The market is already using bots, agents, and other automated workflows to access, exchange, and use EHI, but some compliance narratives still talk as if everything happens through a human user and a manual workflow. And then there is the other part everyone has seen: IBR exception conditions getting used as cover for decisions that are not really about infeasibility, but rather control.

So what does HTI-5 actually propose, specifically for information blocking? In short, it:

    1. makes explicit that “access” and “use” cover automated means, including autonomous AI,
    2. tightens the Infeasibility and Manner Exceptions by removing or revising conditions that have been stretched too far, and
    3. eliminates the TEFCA Manner Exception altogether.

Let’s dive into exactly what is being proposed, the rational provided by ASTP/ONC in the Preamble for the proposed change, and the practical impact on Actors (i.e., HIEs/HINs, Developers of Certified Health IT, and Health Care Providers).

Definitional Changes: “Access” and “Use”

What is being proposed

ASTP/ONC proposes to update the definitions of “access” and “use” in 45 CFR 171.102 so it is explicit that they include automated means of access/exchange/use of EHI, including robotic process automation (RPA/bots) and autonomous or “agentic” AI systems.

Rationale in the preamble

ASTP/ONC points to market observations and stakeholder feedback (including RFI comments) that the regulated community wants clarity that information blocking concepts apply even when EHI is accessed or acted on by automation, not just humans using manual workflows. They also tie this to prior ONC discussion that “access, exchange, or use” is route-agnostic, and may include automated services.

Practical impact

> AI agents and automation workflows become first-class “covered” pathways: If an actor interferes with automated retrieval/processing in ways that meet the information blocking definition, the actor’s conduct may “implicate the information blocking definition.”

> Expect enforcement narratives to modernize: Complaints and investigations can more directly frame certain “anti-bot,” “no-agent,” throttling, selective blocking, or technical gating practices as potential information blocking if they functionally interfere with access/exchange/use via automation.

> Broader compliance surface: Policies and technical controls designed for human-facing access (portals, manual exports) will be harder to use as the main compliance story if automated access is feasible.

Infeasibility Exception Changes (171.204)

On the Infeasibility Exception, HTI-5 does two things: it removes one condition that has been used too broadly and revises (or potentially removes) another that often comes up in manner disputes.

(1) Removal of the “third party seeking modification use” condition (171.204(a)(3))

What is being proposed

ASTP/ONC proposes to remove the “third party seeking modification use” condition in the Infeasibility Exception.

Rationale in the preamble

ASTP/ONC characterizes this condition as susceptible to misuse by actors who withhold EHI to inhibit access/exchange/use by third parties that patients and providers want. They conclude, after evaluating prior proposals and ecosystem evolution, that the condition is unnecessary and that removing it better supports access/exchange/use and the competition and innovation goals described in the Cures Act Final Rule.

They also make clear that if removed, other Infeasibility Exception conditions remain available (example: “infeasible under the circumstances”), and they reiterate that this does not imply changes to HIPAA compliance obligations.

Practical impact

    • Fewer “safe harbors” for blocking third-party write-back or modification workflows: Actors would have to justify refusals under other existing exceptions/conditions, rather than relying on this condition as a targeted route.
    • More pressure to support legitimate third-party workflows where feasible: Especially where the actor’s basis is more about controlling the channel or business model than true feasibility.
    • Security and integrity concerns are not ignored, but must be framed differently: ASTP/ONC’s theory is essentially that confidentiality, integrity, availability concerns are addressed by other exceptions, making this condition redundant.

(2)  Changes to the “manner exception exhausted” condition (171.204(a)(4)) (revise or remove)

What is being proposed

ASTP/ONC proposes to revise the “manner exception exhausted” condition to narrow it and reduce misuse risk, or in the alternative to remove it entirely.

Rationale in the preamble

They describe the condition as also susceptible to misuse/abuse by actors holding EHI. The preamble discussion suggests several clarifying and narrowing moves, including:

      • Clarifying that “all alternative manners” means the specific alternatives in 171.301(b)(1)(i)-(iii), not “all possible” methods.
      • Reiterating that each alternative manner must be attempted consistent with 171.301(b), and that related fees and licensing must comply with the Fees and Licensing Exceptions.
      • Considering wording changes designed to ensure actors can claim “infeasible” under this condition only when they have actually exhausted the Manner Exception as intended, and to discourage abuse.
      • Revisions such as replacing “same” with “analogous” in part of the condition (a signal they are trying to tune the comparability test).
      • An explicit “off ramp” that if comments show revisions are insufficient to curb misuse/abuse, ASTP/ONC would remove the condition entirely.

Practical impact

      • Harder to invoke “infeasible” based on manner disputes: Actors will need to show they truly offered the specified alternative manners and did so in a way consistent with the broader regulatory structure (including fees/licensing constraints).
      • Less leverage to stonewall by “paper exhausting”: If an actor uses procedural posturing to claim exhaustion, the proposed clarifications are aimed at narrowing that.
      • If removed entirely: Disputes over nonstandard, non-scalable, or costly manners would be forced back into the Manner Exception and other exceptions, rather than this additional infeasibility pathway.

Manner Exception Changes (171.301)

What is being proposed

ASTP/ONC proposes to revise the Manner Exception’s “manner requested” condition to make clear the exception cannot be met using contracts that are not market rate, are contracts of adhesion, or contain unconscionable terms.

They also propose to codify concepts like “market rate” (by referencing Stark’s “fair market value” concept), plus definitions of “contract of adhesion” and “unconscionable terms.” 

Rationale in the preamble 

ASTP/ONC reiterates that the Manner Exception is about the technical manner of exchange, not an Actor’s broader contract terms. They state plainly that contracts of adhesion or contracts containing unconscionable terms are not covered by the Manner Exception even if the agreement nominally achieves the requested manner, and they note such contracts would likely be “interference” under the information blocking regulations. 

Practical impact

> “Take-it-or-leave-it” contracting becomes a more direct information blocking risk: If an actor ties EHI access to one-sided terms, this proposal is aimed at removing any argument that the Manner Exception insulates that approach.

> Pricing and licensing pressure: ASTP/ONC emphasizes market-rate negotiation at arm’s length and seeks to constrain using inflated fees or coercive licensing terms as a de facto barrier to access.

> Better posture for requestors: Requestors (including providers, app developers, and other third parties) gain clearer regulatory text to challenge gating behavior that is contract-driven rather than technically justified.

Removal of the TEFCA Exception (171.403 and Subpart D) 

What is being proposed

ASTP/ONC proposes to remove Subpart D, including the TEFCA Manner Exception (171.403) and associated definitions, and notes that without 171.403 the remaining Subpart D provisions serve no purpose.

Rationale in the preamble

ASTP/ONC states that based on TEFCA’s continued implementation, maturation, and public comments (including comments to a CMS–ASTP/ONC RFI), removal is appropriate. The preamble also reflects a concern that keeping the TEFCA-specific exception could create an unintended ceiling on TEFCA’s future growth by discouraging new entrants who need other efficient manners to support innovative products/services.  They emphasize that removing the TEFCA Manner Exception does not remove TEFCA obligations for QHINs/Participants/Sub-participants, and also that removing the exception does not automatically make a previously covered practice information blocking; analysis remains case-by-case.

Practical impact:

> No special TEFCA carve-out for “manner” disputes under information blocking: TEFCA participants would need to rely on the general Part 171 framework (Manner Exception, Fees, Licensing, Infeasibility, etc.) rather than a TEFCA-specific manner defense.

> Greater neutrality among exchange frameworks: This aligns with the competition-oriented theme in the preamble and the concern about not structurally privileging one pathway.

> Governance and contracting implications: TEFCA participation remains mandatory to comply with TEFCA’s own rules, but “because TEFCA says so” will not, by itself, operate as an information blocking exception.

Conclusion

If HTI-5 is finalized as proposed, the direction is clear. ASTP/ONC is bringing automation and agentic AI squarely within the information blocking frame, tightening exception pathways that have been stretched into convenient “no” factories and putting real limits on using contract terms and pricing as a gate to EHI. TEFCA remains important, but it will not come with its own special manner carve-out for information blocking analysis.

The practical takeaway for Actors is to get ahead of this now. Treat automated access like the mainstream pathway it is, use exceptions the way they were intended (for real constraints, not as a default position), and make sure your “yes” is not buried under “take-it-or-leave-it” terms. The market has learned to spot a dressed-up “no,” and this proposal reads like the regulators have, too.

If you are not a subscriber to our backend Legal HIE compliance library, download our Table of Contents here to check out all of the tools, checklists, whitepapers, sample policies we make available to our members to help their organizations comply with Information Blocking, HIPAA, 42 CFR Part 2, Data Breaches and more. Ready to subscribe now? Click here to review our subscription options.

Archives