In this third post in Gravely Group's series on the information blocking exceptions, we will walk through the requirements of the Privacy Exception. The Privacy Exception focuses on when an Actor’s Practice of not fulfilling a request for electronic health information (EHI) will, nonetheless, not be considered information blocking because the EHI is withheld in order to protect an individual’s privacy. However, per ONC, this exception is narrowly intended to “allow for the protection of patients and other particular persons against substantial risks of harm otherwise arising from the access, exchange, or use of EHI in defined circumstances.”
You already know from our previous posts that an Actor who relies on an exception is required to meet every element of the exception. The Privacy Exception is uniquely structured in that it consists of four, discrete sub-exceptions. An Actor that relies on the Privacy Exception must meet all of the requirements under at least one of these four sub-exceptions.
 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health Certification Program, 85 Fed. Reg. 25642, 25821 (May 1, 2020), available at: https://www.federalregister.gov/d/2020-07419.
Return to the Information Blocking Resource Page