The Office of the National Coordinator for Health IT (ONC) is working to disseminate the idea that HIPAA does not impede interoperability.
Through blog posts and fact sheets, the federal agency is explaining that HIPAA not only protects personal health information from misuse but enables that same information to be "accessed, used or disclosed interoperably, when and where it is needed for patient care," Lucia Savage, ONC's chief privacy officer, and Aja Brooks, an ONC privacy analyst, write in the first post of a four-part series.
The fact sheets were developed with input from the Department of Health and Human Services' Office of Civil Rights (OCR), and include examples of health data shared without authorization or a note from the patient, Savage and Brooks wrote.
This new series of clarification and guidance comes after last month's release by OCR of new guidance on patient data rights under HIPAA.
The first document focuses on "Permitted Uses and Disclosures: Exchange for Health Care Operations" and notes instances in which covered entities can share data with another covered entity or its business associate without prior authorization, including:
- Conducting quality assessment and improvement activities
- Developing clinical guidelines
- Conducting patient safety activities as defined in applicable regulations
- Conducting population-based activities relating to improving health or reducing health care
The second fact sheet covers the exchange of patient information between or among providers when it comes to treatments. It also reviews the role of business associates when it comes to patient information to create care plans, and the role of the provider and/or health plan in that exchange of data.
"The new fact sheets remind stakeholders through practical, real-life scenarios, that HIPAA supports interoperability because it gives providers permission to share PHI for patient care, quality improvement, population health and other activities," Savage and Brooks wrote.
Read the complete blog post.