Information Blocking

What are these “Information Blocking Exceptions”
that I Keep Hearing About?

An Overview
(Part 1 of 8)

You may have heard about the exceptions to the Information Blocking Rule and how these exceptions can protect an Actor from liability. But what are these exceptions, and what is their purpose? Congress, in the 21st Century Cures Act, directed the Secretary of Health and Human Services to identify activities that would implicate information blocking but that, nonetheless, serve the greater public good. Based on this legislative intent, ONC created eight information blocking exceptions. It is vital to understand that an exception involves a Practice that would be prohibited by the Information Blocking Rule but for the fact that the Practice serves a greater public good. It is this greater public good that led ONC to allow Actors to engage in specific information blocking activity via an exception.

The fact that every exception involves an information blocking Practice explains why there are only eight exceptions and why the requirements to meet an exception are so specific. With that in mind, this first post in our series on the information blocking exceptions provides a high-level overview of the exceptions.

Exception Categories
There are two broad categories into which the information blocking exceptions fall:
  • Five of the exceptions involve not fulfilling requests to access, exchange, or use EHI.
  • Three of the exceptions involve procedures for fulfilling requests to access, exchange, or use EHI.

Exceptions Overview
Exceptions involving not fulfilling requests to access, exchange, or use EHI:
  • Security Exception - When will an Actor’s Practice that is likely to interfere with the access, exchange, or use of EHI not be considered information blocking because it is reasonable and necessary to protect the security of EHI?
  • Health IT Performance Exception - When will an Actor’s Practice that is likely to interfere with the access, exchange, or use of EHI not be considered information blocking because it is implemented to maintain or improve health IT performance?
  • Privacy Exception - When will an Actor’s Practice of not fulfilling a request to access, exchange, or use EHI not be considered information blocking because the Practice fits within one of four narrow means of protecting patient privacy?
  • Preventing Harm Exception - When will an Actor’s Practice that is likely to interfere with the access, exchange, or use of EHI not be considered information blocking because the Practice is reasonably intended to prevent harm to an individual?
  • Infeasibility Exception - When will an Actor’s Practice of not fulfilling a request to access, exchange, or use EHI not be considered information blocking because fulfilling the request is infeasible?
Exceptions involving procedures for fulfilling requests to access, exchange, or use EHI:
  • Content and Manner Exception - When will an Actor’s Practice of limiting the content of its response to or the manner in which it fulfills a request to access, exchange, or use EHI not be considered information blocking?
  • Fees Exception - When will an Actor’s Practice of charging fees for accessing, exchanging, or using EHI not be considered information blocking?
  • Licensing Exception - When will an Actor’s Practice of licensing interoperability elements in order for EHI to be accessed, exchanged, or used not be considered information blocking?

Satisfying an Exception
An Actor must meet every element of an exception in order to be certain that its Practice is protected from information blocking penalties or disincentives. Meeting most of the requirements of an exception (or a combination of partial requirements from different exceptions) is NOT sufficient to fit within the “safe harbor” of an exception. In other words, if an Actor cannot comply with every element of an exception, then the Actor cannot be certain that its refusal to fulfill a request or its procedure for fulfilling a request for EHI will not be considered information blocking.

UP NEXT ...
Because each of the information blocking exceptions is narrowly defined—much more so than you might expect—we will be doing a series of posts that break down the elements of each exception. Stay tuned for a closer look at the Security Exception and the Health IT Performance Exception!

Download a copy of this post


Return to the Information Blocking Resource Page