§ 170.403 Communications.
(a) Condition of Certification requirements. (1) A health IT developer may not prohibit or restrict any communication regarding—
(i) The usability of its health IT;
(ii) The interoperability of its health IT;
(iii) The security of its health IT;
(iv) Relevant information regarding users' experiences when using its health IT;
(v) The business practices of developers of health IT related to exchanging electronic health information; and
(vi) The manner in which a user of the health IT has used such technology.
(2) A health IT developer must not engage in any practice that prohibits or restricts a communication regarding the subject matters enumerated in paragraph (a)(1) of this section, unless the practice is specifically permitted by this paragraph and complies with all applicable requirements of this paragraph.
(i) Unqualified protection for certain communications. A health IT developer must not prohibit or restrict any person or entity from communicating any information whatsoever (including proprietary information, confidential information, and intellectual property) when the communication is about one or more of the subject matters enumerated in paragraph (a)(1) of this section and is made for any of the following purposes:
(A) Making a disclosure required by law;