In Part 1 of our series on the information blocking exceptions, Gravely Group explained the rationale behind the creation of a set of exceptions for certain Practices that, while otherwise constituting information blocking, are nonetheless permitted because such Practices serve a greater public good. We also described the two categories of information blocking exceptions created by ONC, and we introduced the eight information blocking exceptions from the Final Rule and the operative question under each.
As we mentioned in the overview, each of the information blocking exceptions is narrowly defined, and an Actor must meet every element of an exception in order to be certain that its Practice is protected from information blocking penalties or disincentives. Meeting most of the requirements of an exception (or a combination of partial requirements from different exceptions) is NOT sufficient to fit within the “safe harbor” of an exception.
With that, let’s dive into the first of our eight information blocking exceptions...
In addition to the above, there are further requirements that must be met depending on whether the Practice is based on an organizational security policy or whether the Practice is in response to an unforeseen threat to the security of the EHI.
Note that, if the unavailability of an Actor’s health IT for maintenance or improvement is implemented to protect against a security risk, the Actor would need to meet all of the requirements of the Security Exception but not the Health IT Performance Exception.
Return to the Information Blocking Resource Page