The Information Blocking Rule became effective April 5, 2021, requiring Covered Entities to develop and implement policies and procedures consistent with the rule. The following information may be used to develop your policy on excepts.
Practices or activities that satisfy one or more of these eight exceptions, as applicable, will not be considered Information Blocking if all the applicable exception(s) criteria are strictly met. The requirements for each exception are detailed and comprehensive, and all requirements must be met for the applicable exception(s) to apply.
Five (5) exceptions allow not fulfilling requests to Access, Exchange, or Use EHI. It is not considered Information Blocking if:
- Preventing Harm Exception: Covered Entity engages in practices that are reasonable and necessary to prevent harm to a patient or another person, provided certain conditions are met (45 CFR § 171.201).
- Privacy Exception: Covered Entity does not fulfill a request to Access, Exchange, or Use EHI in order to protect an individual’s privacy, provided certain conditions are met (45 CFR § 171.202).
- Security Exception: Covered Entity interferes with the Access, Exchange, or Use of EHI in order to protect the security of EHI, provided certain conditions are met (45 CFR § 171.203).
- Infeasibility Exception: Covered Entity does not fulfill a request to Access, Exchange, or Use EHI due to the infeasibility of the request, provided certain conditions are met (45 CFR § 171.204).
- Health IT Performance Exception: Covered Entity takes reasonable and necessary measures to make health IT temporarily unavailable or to degrade the health IT’s performance for the benefit of the overall performance of the health IT, provided certain conditions are met (45 CFR § 171.205).
Three (3) exceptions involve procedures for fulfilling requests to Access, Exchange, or Use EHI. It is not considered Information Blocking if:
- Content and Manner Exception: Covered Entity fulfills a request to Access, Exchange, or Use EHI in any manner requested or in an alternative manner, provided certain conditions are met, using (i) certified health IT specified by the requestor; (ii) content and transport standards specified by the requestor and published by the federal government or a standards-developing organization accredited by the American National Standards Institute; or (iii) an alternative machine-readable format, including the means to interpret the EHI, agreed upon with the requestor (45 CFR §171.301). This exception both establishes the content Covered Entity must provide in response to a request to Access, Exchange, or Use EHI in order to satisfy the exception, and establishes the manner in which Covered Entity must fulfill a request to Access, Exchange, or Use EHI in order to satisfy this exception.
- Fees Exception: Covered Entity charges fees, including fees that result in a reasonable profit margin, for Accessing, exchanging, or using EHI, provided certain conditions are met (45 CFR §171.302).
- Licensing Exception: Covered Entity licenses interoperability element for EHI to be Accessed, Exchanged, or used, provided certain conditions are met (45 CFR §171.303).
For a more detailed explanation of the Information Blocking exceptions and their requirements, read the Final Rule, 85 Fed Reg. 25642 Section VIII(D), pages 25820-25900.
Next Steps