In February 2016, The Office of the National Coordinator for Health Information Technology (ONC) launched a new four-part blog series to explain the permitted uses of health information under HIPAA. The series emphasizes that HIPAA not only protects personal health information from misuse, it also enables personal health information to be accessed, used or disclosed interoperably, when and where it is needed for patient care.
We begin our coverage of the four-part series with Part 1: “The Real HIPAA Supports Interoperability.” This introductory post establishes HIPAA as serving the dual functions of protecting personal health information from misuse and also enabling personal health information to be used between Covered Entities (CE) under specific conditions.
ONC released two new fact sheets which give numerous examples of when electronic health information can be exchanged without first requiring an authorization or a writing of some type from the patient, so long as other protections or conditions are met. HIPAA provides many pathways for permissibly exchanging Protected Health Information (PHI).
The new fact sheets remind stakeholders through practical, real-life scenarios, that HIPAA supports interoperability because it gives providers permission to share PHI for patient care, quality improvement, population health, and other activities.
Next week, the blog series will continue to delve further into Permitted Uses and Disclosures. As per ONC, Blog #2 will be background on HIPAA’s Permitted Uses and Disclosures: what they are, and how they advance the national goal of interoperability. Blog #3 will give examples of exchange of health information for Care Coordination, Care Planning, and Case Management, both between providers, and between provider and payers. Finally, Blog #4 will give examples of interoperable, permissible exchange of PHI for Quality Assurance and Population-Based Activities, including via a health information exchange.