doctor writing notes from electronic medical record

The Cures Act Information Blocking Exceptions Preserving Patient Security

Filed Under: , Articles, EMR Regulations
October 31, 2023 by Tyler Soule

The Cures Act revolutionizes the speed and ease patients have to access their electronic medical records, ushering in both beneficial and adverse consequences. This comprehensive four-part series delves into the intricate implications of this legislation for legal professionals.

Comperio Legal Services provides skilled attorneys the electronic medical record analysis and expert witnesses they need to win. To learn more about how this legislation impacts your case, schedule your FREE, no-obligation case consultation today.

FREE Case Review

Keeping Data Secure

The seamless sharing of electronic health information (EHI) has become more important in the ever-changing healthcare environment for providing effective, coordinated treatment. The Information Blocking Provision was proposed in the 21st Century Cures Act, which was passed in December of 2016 and recognized the potential of interoperability and data sharing. While methods that obstruct the exchange of health information are very discouraged by this legislation, it also creates eight thorough exceptions. These exclusions act as guidelines to protect the confidentiality, integrity, and availability of patient data (Mace). We will examine each exception in this article, outlining its relevance, goal, and practical ramifications for fostering efficient and ethical information flow.

1. Preventing Harm

One of the exclusions allows medical professionals and those creating health IT to limit access to, sharing of, or use of EHI if they have a good faith belief that doing so would be harmful to a patient or another person (Saldukas, 2021). This exemption acknowledges the significance of patient safety and permits healthcare professionals to use their discretion to avert potential damage. To be effective, this exemption must be used in good faith and be based on an accurate evaluation of the possible damage.

2. Privacy

A further exemption permits the blocking of information if it is required to safeguard the privacy of the person whose EHI is being requested. If the “necessary conditions” listed in your State and Federal legislation are met, you are not compelled to allow access to EHI. Additionally, you must confirm that your justification conforms with the HIPAA Privacy Rules’ requirements for “unreviewable grounds”. Other scenarios include demands from prisoners, research findings or data, and information from non-healthcare providers based on a confidentiality agreement (Saldukas, 2021).

Although privacy is a crucial concern, this exemption shouldn’t be used as a general justification for withholding data. It should only be used in situations where doing so is absolutely required to safeguard the privacy of the person in question.

3. Security Exception: Fortifying the Digital Ramparts

Protecting sensitive patient data from cyber-attacks is essential in today’s computerized healthcare environment. In response to this requirement, the Security Exception permits healthcare providers to withhold EHI if disclosing it could jeopardize the security of their information technology (IT) systems. In order to qualify for this exemption, you must have solid organizational security procedures and policies in place that address a range of unique circumstances (Saldukas, 2021) This exemption strengthens the digital ramparts, enabling providers to implement strong security measures, safeguarding confidentiality and integrity of patient data in a world that is becoming more interconnected.

4. Infeasibility Exception: Addressing Technological Constraints

Despite the impressive developments in health IT, healthcare companies could come across circumstances when it is technically impossible to fulfill an information request, like public health emergencies, internet outages and natural or man-made disasters (Suldukas, 2021). The Infeasibility Exception recognizes these limitations and allows providers to withhold EHI when instant access is technically impractical owing to a lack of available technology resources or capabilities. This exemption makes sure that information blocking isn’t unfairly blamed in situations where healthcare organizations confront practical difficulties.

NOTE: After claiming this exception, there is a 10-day deadline to communicate the reasoning for making said decision.

5. Health IT Performance Exception: Prioritizing Optimal System Functionality

Healthcare professionals largely rely on reliable health IT systems to offer high-quality treatment. When disclosing the information may plausibly result in the performance of their system being compromised, or if the system is undergoing maintenance or upgrades (Suldukas, 2021), providers are permitted to withhold EHI under the Health IT Performance Exception. This exemption protects the efficacy and efficiency of healthcare delivery by placing a priority on the flawless operation of IT infrastructure, averting possible disruptions that can jeopardize patient care.

6. Content and Manner Exception: Safeguarding Data Integrity

The Content and Manner Exception recognizes the hazards associated with exchanging EHI, including the transfer of harmful code or data that could jeopardize the security of IT systems. Healthcare providers have the authority to decide the format and content of exchanged information in order to reduce these risks. Organizations are given clear and flexible guidance on the scope of a request to access, share, or utilize EHI by the content and method exception (Mace). This exception guarantees that data integrity is preserved throughout the information transmission process by imposing stringent standards and regulations.

7. Fees Exception: Balancing Costs and Sustainability

Healthcare providers must pay for maintaining and managing electronic health information (EHI). This fact is acknowledged by the Fees Exception, which allows providers to impose fair and non-discriminatory charges for using, exchanging, or accessing EHI (Suldukas, 2021). This exemption achieves a compromise between the necessity to recoup costs incurred during information transmission and the need of encouraging long-term data-sharing practices that benefit all parties involved in the healthcare ecosystem.

8. Licensing Exception: Respecting Intellectual Property Rights

Patents, copyrights, and trade secrets are just a few examples of property rights that are important to furthering healthcare. In this case, you are permitted to collect royalties in order to recoup part of the costs you incurred when creating, maintaining, and updating your technology (Suldukas, 2021). This exemption promotes an environment of creativity while guaranteeing the security of confidential information. Developers of healthcare technology are more likely than individual clinics to make use of this exemption.

Information Blocking Act Paves the Way for Healthcare Revolution

The Information Blocking Act acts as a catalyst for healthcare reform within the larger context of the 21st Century Cures Act by facilitating the frictionless interchange of crucial patient health information. The legislation achieves a delicate balance between fostering interoperability and protecting patient privacy, data security, and system integrity through the careful definition of eight exceptions. These exclusions give healthcare providers a clear road map for responsible information exchange, ensuring that the data flow supports the delivery of treatment, improves patient outcomes, and stimulates innovation. Healthcare companies may confidently negotiate the complicated information-sharing landscape and help to create a future in which data-driven care is the standard by embracing these exceptions.

We Help You Navigate

Do you have an expert understanding of the risk posed by the electronic medical records in your case? Discover the truth. Schedule your FREE, no-obligation case consultation today.

FREE Case Review

Stay up-to-date with the latest industry updates by signing up for Comperio’s monthly newsletter.


Contact Us

Schedule a Free Initial Case Review

Debating a case theory or stuck on a critical decision point? Our extensive understanding and technical knowledge of electronic medical record systems will help you unravel the complex nature of digital health data and increase the speed and efficiency at which you build a winning case!

Schedule a free case review with one of our experts today!