Congress in the 21st Century Cures Act defined information-blocking practices and mandated HHS establish exceptions to its definition.
HHS’ Office of the National Coordinator for Health Information Technology outlined eight broad exceptions in its rule, the first five of which relate to when an entity doesn’t fulfill a request to exchange patient data and the following three of which refer to procedures an entity uses to facilitate data exchange.
Situations must be evaluated on a case-by-case basis to determine whether information blocking has occurred, according to ONC.
The list below is interactive: Click the name to view more.
Example: If a physician believes releasing a patient's data will result in harm to the patient.
Example: If an organization blocks access to a patient's data to protect the patient's privacy as required under state law.
Example: If an organization believes providing access to data in the way requested would pose a specific security risk.
Example: If an organization isn't able to provide access to data due to an uncontrollable event, like a natural disaster or internet service interruption.
Example: If an organization is temporarily unable to provide access to data while performing occasional IT system upgrades and maintenance.
Example: If an organization provides data in a different way than requested, provided they don't have the technical capabilities to do so in the requested manner.
Example: If a software developer charges fees to recover costs or receive a "reasonable profit margin" to exchange data, as long as the fee isn't based on a patient accessing their own data.
Example: If a software developer charges "reasonable royalties" to license an innovative interoperability tool that it's developed.