Officials at ONC are determined to smother the notion that HIPAA and its PHI regulations interfere with providers’ capacity to exchange patients’ health information. At least that’s the implication behind a collection of educational resources being published and promoted by ONC.
In response to frequent complaints that HIPAA stifles the transmission of patient data between provider networks, Lucia Savage, chief privacy officer at ONC, and Aja Brooks, ONC privacy analyst, co-authored an introductory blog post that outlines a forthcoming informational series from ONC. The four-part blog series will cover the following areas of HIPAA:
- Part one will discuss the permitted uses and disclosures, or situations in which HIPAA covered entities aren’t required to obtain authorization from a patient before sharing their PHI.
- Part two will define permitted uses and disclosures and explain how they support interoperability.
- Part three will provide examples of health information exchange from provider-to-provider and between providers and payers.
- The topic of the final part of the series will be the interoperable passage of PHI for quality assurance and population-based activities.
Two fact sheets were mentioned in the ONC’s blog post and were created with input from the HHS Office for Civil Rights (OCR), the agency that enforces the HIPAA Privacy and Security Rules. The fact sheets detail scenarios in which a patient’s PHI can be shared between two covered entities without first needing permission from the patient. PHI can be shared for healthcare operations purposes such as during clinical quality assessments or patient safety activities. Providers are also allowed to exchange PHI when referring a patient or coordinating care with another covered entity, according to the ONC and OCR resources.
This blog series on HIPAA and the open exchange of patient information aligns with ONC’s recent push for more health IT interoperability. The Shared Nationwide Interoperability Roadmap, released by ONC a year ago, plots out a 10-year path for U.S. providers to operate within an interoperable health IT infrastructure. The goal of that roadmap is for information to flow easily between providers so they can improve the quality of their care. With the publication of its series of blogs, ONC is seemingly making a statement that providers can no longer use their fear of HIPAA violations as an excuse for not joining the health IT interoperability movement.