Two current federal circumstances are offering perception into what to anticipate in state courtroom litigation associated to data blocking, outlined within the twenty first Century Cures Act (Cures Act) as a apply that interferes with the entry, alternate, or use of digital well being data.
On March 12, 2025, the Fourth Circuit upheld the Maryland District Courtroom’s preliminary injunction for the plaintiff in Actual Time Medical Techniques Inc. v. PointClickCare Applied sciences, 131 F.4th 205 (2025). In sum, the Fourth Circuit agreed with the District Courtroom that PointClickCare’s “use of indecipherable CAPTCHAs and selection to dam sure customers is against the law beneath the information-blocking provision of the federal Cures Act, which helps [Real Time’s] unfair competitors claims” beneath Maryland regulation. The Fourth Circuit relied partly on Intus Care, Inc. v. RTZ Assocs., Inc., Case No. 24-cv-01132, 2024 U.S. Dist. LEXIS 100190 (June 5, 2024), the place a District Courtroom choose discovered {that a} violation of the Cures Act would represent an “independently wrongful” act adequate to help a declare for intentional interference with potential financial benefit beneath California regulation, although the Cures Act lacks a personal proper of motion.
These rulings present helpful perception into how data blocking violations will be litigated by state regulation claims regardless of the shortage of a federal personal proper of motion, and that good religion negotiations are requisite to fulfill the Method Exception.
Case Summaries
Actual Time Medical Techniques Inc. v. PointClickCare Applied sciences
Actual Time offers analytics companies to expert nursing services and depends on bots to expedite entry to well being care information maintained by PointClickCare for Actual Time’s shoppers. Over the course of three years, PointClickCare employed indecipherable CAPTCHAs and account deactivation at varied occasions, depriving Actual Time of entry to its consumer’s well being care information. Finally, Actual Time introduced Maryland state regulation claims together with unfair competitors and tortious interference and sought a preliminary injunction. The District Courtroom granted the preliminary injunction.
On enchantment, in pertinent half, PointClickCare argued that Actual Time couldn’t depend on a violation of the knowledge blocking provision within the Cures Act to help claims of unfair competitors beneath Maryland regulation as a result of (i) a federal statute missing a personal proper of motion can’t help a Maryland unfair competitors declare and (ii) the Cures Act preempts any state regulation declare. PointClickCare additionally argued that even when Actual Time may depend on the Cures Act, PointClickCare didn’t violate the knowledge blocking provision of the Cures Act as a result of the Method, Well being IT and Safety exceptions utilized. The Fourth Circuit rejected all these arguments. On April 23, 2025, the Fourth Circuit rejected PointClickCare’s petition for enbanc assessment. The case is ready to return to the District Courtroom for trial proceedings.
Intus Care, Inc. v. RTZ Assocs., Inc.
Intus Care can be a well being analytics firm that contracts with care suppliers who present care by the federal Program of All-Inclusive Look after the Aged (PACE). Many of those suppliers preserve their data in a program referred to as PACECare, which is operated by RTZ. Intus Care alleged that RTZ refused to supply Intus Care entry to those data in an effort to drive these suppliers to RTZ’s competing analytics product. Intus Care introduced California state regulation claims together with intentional interference with potential financial benefit. RTZ’s movement to dismiss this declare was denied.
Key Holdings
- An alleged data blocking violation beneath the Cures Act will be the idea for a state regulation unfair competitors declare.
PointClickCare asserted that as a result of there isn’t any personal proper of motion beneath the Cures Act for an data blocking violation, it couldn’t be relied upon when assessing the viability of Actual Time’s state regulation unfair competitors declare. The Fourth Circuit disagreed, noting that the shortage of a federal personal proper of motion, in and of itself, doesn’t bar a plaintiff from counting on such a violation as proof to help a state regulation declare. As a substitute, the Fourth Circuit distinguished between whether or not the violation is getting used as proof to help an current state regulation declare or whether or not the state regulation declare is a shell for an otherwise-unavailable federal declare. The place, as was the case in Actual Time, the violation is used as proof to help a component of state-law declare for unfair competitors – that’s, used to ascertain that an motion was unfair or wrongful – the shortage of a personal proper of motion is inconsequential. Equally, the trial choose in Intus Care concluded {that a} Cures Act violation would represent an “independently wrongful” act adequate to help a declare for intentional interference with potential financial benefit beneath California regulation, although the Cures Act lacks a personal proper of motion.
- Federal regulation doesn’t preempt state regulation claims involving data blocking violations.
The Fourth Circuit additionally concluded that state regulation claims involving data blocking violations should not preempted by federal regulation. The Courtroom famous that the Cures Act contemplates state regulation associated to data blocking. It defined that the existence of federal mechanisms to resolve Cures Act violations is inadequate to indicate Congressional intent to preempt state regulation causes of actions based mostly on habits that may qualify as data blocking.
- The Method Exception requires events to barter in good religion and articulate some cause for an deadlock apart from unwillingness to barter for every class of requested information.
The Method Exception states that entities topic to the knowledge blocking laws (i.e. licensed well being IT builders, well being data networks/well being data exchanges, and suppliers (every an “actor”)) “should fulfill a request for digital well being data in any method requested, until the actor is technically unable to satisfy the request or can’t attain agreeable phrases with the requestor to satisfy the request within the method requested.” 45 C.F.R. § 171.301(a)(1). Even the place events can’t attain agreeable phrases, the request should be fulfilled in an alternate method. 45 C.F.R. § 171.301(b)(1). PointClickCare asserted that even when its failure to share data with Actual Time could possibly be thought-about data blocking, the Method Exception ought to apply as a result of the events couldn’t attain agreeable phrases for disclosure. The Fourth Circuit rejected this reasoning, noting that PointClickCare has been unwilling to comply with disclosure phrases. In emphasizing the excessive bar for the Method Exception, the Courtroom famous that the phrase “can’t attain agreeable phrases” implies at the least some affordable efforts and articulable the explanation why the events can’t come to an settlement, which didn’t exist within the case. The Courtroom highlighted {that a} get together in search of to invoke the Method Exception should achieve this individually for every class of requested information.
- The Well being IT and Safety Exceptions should be carried out in a constant and nondiscriminatory method.
PointClickCare additionally tried to depend on the Well being IT and Safety Exceptions to justify its failure to reveal data to Actual Time. However the Fourth Circuit opined that each the Well being IT and Safety Exceptions didn’t apply as a result of PointClickCare’s apply of utilizing indecipherable CAPTCHAs was not carried out in a constant and nondiscriminatory method, as required beneath each exceptions. The Safety exception didn’t apply additionally as a result of PointClickCare didn’t articulate a selected safety threat posed by Actual Time’s bot entry.
Conclusion
State courts might quickly play a extra distinguished function in data blocking enforcement because the premise for state regulation violation claims, even when the variety of such circumstances continues to be low. With respect to the Method Exception particularly, based mostly on these holdings, actors ought to doc their good religion efforts to barter with requestors of digital well being data and explanations of why such efforts failed after they do. Actors additionally ought to doc how they’ve offered entry to all classes of information requested and for any classes of information requested the place they weren’t in a position to take action, how a special exception utilized, such because the infeasibility exception the place the request was too burdensome or not doable.
