New HIPAA Privacy Rule
Regarding The Sharing of Information for Oversight and Efficacy
As July of 2017 comes to a close, a new fact sheet has many in the healthcare industry talking. Recently the US Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology, in conjunction with the Office for Civil Rights jointly published a fact sheet. This new sheet focuses on a key piece of the HIPAA Privacy Rule.
As healthcare providers, insurance providers and other offices adapt to the new technologies that offer improvements in patient care quality and cost, it requires that some sensitive information called Protected Health Information or PHI be shared when necessary.
In order to provide oversight into the complex healthcare system, it requires that some of this PHI be shared between healthcare providers and insurers and the oversight groups. This HIPAA Privacy Rule states that this is permitted, without the consent of individuals or patients, in certain instances and if shared via approved methods This joint fact sheet between the two Health and Human Services Offices shares information about these situations and methods of sharing this sensitive information.
Examples of When Information Might be Shared:
Below are just a few of the examples of reasons that oversight boards and committees may need to request sensitive patient health information provided by the Fact Sheet.
- To enable a Health Oversight Committee such as the Office of the Health Insurance Commissioner (OHIC) to accurately monitor and check for fact patterns that are evidence of detrimental activities, policies, procedures, etc.
- To enable state medical boards to monitor the efficacy, skill and ethical practice of licensed healthcare providers.
- To detect medical fraud.
- To allow the FDA to accurately determine whether devices, drugs or practices are causing harm, such as asking a hospital to deliver patient information on the performance of an implantable device.
To actually share the information, the Fact Sheet outlines that these health care providers and oversight committees should use Certified Electronic Health Record Technology, or CEHRT or other approved methods.