The DxF does not require any access, use, or disclosure of Health or Social Services Information (HSSI) that would be unlawful. The DSA requires Participants to share HSSI, which includes Protected Health Information (PHI) and medical information, for Required Purposes, which can be found in the Permitted, Required, and Prohibited Purposes Policy and Procedure, and subject to applicable law. If sharing HSSI is not permitted under applicable law, a Participant must respond to the requestor in accordance with the Requirement to Exchange Health and Social Services Information Policy and Procedure, Section III.1. A refusal to share HSSI because it is unlawful under applicable law is not information blocking under the draft California Information Blocking Prohibitions Policy and Procedure.

CDII encourages Participants to request patient authorization to share HSSI wherever possible when applicable law does not permit sharing for a Required Purpose in the Permitted, Required, and Prohibited Purposes Policy and Procedure. Nothing in the DxF, DSA, or the Policies and Procedures limits a patient’s right to decline to sign an authorization to share their information. When it is unlawful to share information without patient authorization and the patient did not sign an authorization, the Participant must not share HSSI under the DSA. In such instances, the DxF Participant would respond to the request for HSSI consistent with Requirement to Exchange Health and Social Services Information Policy and Procedure, Section III.1.