· 1. Information likely to Cause Significant Harm. The GDPR advocates the importance of considering what information can and can not be published. There are specific well-established rules when dealing with HIPAA or providing patients with complete electronic access to their medical records. For example, if access is ‘likely to cause ....