Skip to main content

Eight Exceptions to Information Blocking Rule Highlighted

Analysis  |  By Scott Mace  
   March 02, 2021

Guide details these 21st Century Cures Act exceptions with one month to go until this federal regulation becomes effective.

On April 5, the 21st Century Cures Act: Information Blocking, Interoperability, and the ONC Health IT Certification Program final rule takes effect.

The Journal of AHIMA, the American Health Information Management Association, recently published a helpful guide to the eight exceptions to the information blocking rule incorporated into the Cures Act final rule.

These exceptions were necessary to allow the final rule to comply with other privacy laws and, in certain circumstances, to guard the integrity and security of electronic health record (her) systems, according to the guide's authors, Sharon Slivochka, RHIA, Cleveland Clinic director of electronic health record in health information management, and Diana Warner, MS, RHIA, CHPS, CPHI, FAHIMA, director of account management at security provider MRO.

The authors recommend steps for setting up an enterprise-wide information governance framework for a structured approach to compliance.

The eight exceptions explained in detail in the guide are:

  • Preventing harm
  • Privacy
  • Security
  • Infeasibility
  • Health IT performance
  • Content and manner
  • Fees
  • Licensing

The preventing harm exception recognizes, in ONC's words, "that the public interest in protecting patients and other persons against unreasonable risks of harm can justify practices that are likely to interfere with access, exchange, or use of EHI [electronic health information]." But such exceptions, if used, must be appropriately documented.

The content and manner exception provides clear and flexible direction to organizations regarding the scope of a request to access, exchange, or use of EHI.

The guide recommends one approach to develop and implement policies related to requests for EHI. The guide also offers definitions of key terms in the final rule: EHI, access, exchange, use, information blocking, and the United States Core Data for Interoperability. Finally, it includes sample documentation of an EHI request denial, and a list of resources.

Scott Mace is a contributing writer for HealthLeaders.

Get the latest on healthcare leadership in your inbox.