Threading the HIPAA Needle through Information Blocking to Block Patient Access when Data is Corrupted

Threading the HIPAA Needle through Information Blocking to Block Patient Access when Data is Corrupted

by | Feb 18, 2021 | ,

The Information Blocking (IB) Rule is intended to work in sync with HIPAA, including the “right of access” the Privacy Rule grants to patients with regard to access to their own protected health information (PHI).  However, as I continue to analyze how to implement various standards that overlap between these two regulations, questions about how to thread the needle on seemingly conflicting standards continues to come up. Today, I take a closer look at the difference between HIPAA’s “right of access” as compared to the Preventing Harm Exception found in the IB Rule. Specifically, this post considers how a covered entity health care provider . . .

read more
How the Preventing Harm Exception Changes HIPAA

How the Preventing Harm Exception Changes HIPAA

by | Feb 9, 2021 | , ,

the “Preventing Harm Exception” under the Information Blocking Rule is not only the most challenging exception to apply, but also the most difficult to interpret – particularly where some of the standards do not exactly track HIPAA, and still other imprecise language ONC used has made its interpretation uncertain. In this post, I will attempt to distill the Preventing Harm Exception down to its basic elements, as well as point out issues in its interpretation to be aware of.

read more
A Look Ahead to 2021

A Look Ahead to 2021

by | Jan 18, 2021 | , , ,

The new year has much in store for electronic health information exchange compliance!  Today’s post provides an overview of anticipated changes to the health information regulatory landscape in 2021, including increased interoperability efforts and telehealth expansion due to the coronavirus pandemic. It is not surprising that many of the topics discussed below are a direct result of the interoperability requirements created by the 21st Century Cures Act (“Cures Act”) enacted in December 2016.

read more
A “Double-Double” Set of Proposed Rules from CMS & OCR Affecting Data Sharing & HIPAA

A “Double-Double” Set of Proposed Rules from CMS & OCR Affecting Data Sharing & HIPAA

by | Dec 14, 2020 | , , , ,

Late last week, two new proposed rules were released which will affect the exchange of health information and HIPAA, among other things.  The CMS and OCR proposed rules come in at over 347 and 357 pages respectively – so that’s a lot of meat to digest!  At a high level, the CMS Proposed Rule aims to “improve the electronic exchange of health care data among payers, providers, and patients,” and “streamline processes related to prior authorization to reduce burden on providers and patients.” The OCR proposed changes to HIPAA take a bite out of patient access, minimum necessary, the HIPAA NPP and more . . .

read more
ONC Releases Answers to Frequently Asked Questions to Information Blocking

ONC Releases Answers to Frequently Asked Questions to Information Blocking

by | Nov 4, 2020 | ,

On Monday, ONC posted a new Information Blocking Frequently Asked Questions resource!  Here are a few of the highlights from all of the FAQs responded to by ONC:

Q:  Are health plans or other payers subject to the information blocking regulation?

Q: For the period of time when Information Blocking is limited to USCDI data, how is an Actor expected to fulfill a request for USCDI data if they do not yet have certified health IT in place that includes an API with the USCDI standard?

Q: Is an Actor required to fulfill a request for access, exchange or use of EHI with all the EHI they have for a patient or should the amount of EHI be based on the details of the request?

read more
Who is on the “Hook” for Information Blocking?

Who is on the “Hook” for Information Blocking?

by | Oct 21, 2020 | ,

ONC’s final rule on Information Blocking implements the 21st Century Cures Act and fleshes out what is and is not a prohibited information blocking practice.  However, not all health care organizations and their vendors are on the hook for complying with this new regulation. In my post today, I want to drill down on the scope of health care providers that must comply with the Information Blocking Rule.

read more
Per ONC, Lab Results Generally Cannot be Delayed to “Prevent Harm” (unless threat to life & physical safety)

Per ONC, Lab Results Generally Cannot be Delayed to “Prevent Harm” (unless threat to life & physical safety)

by | Oct 8, 2020 | ,

As the November 2nd deadline for compliance with ONC’s Information Blocking Rule nears, many health care providers – which are “Actors” subject to the Rule – are scrambling to reexamine their default settings for sharing various types of data, including lab results. In ONC’s Final Rule preamble, several commenters indicated that providers’ current organizational policies call for practices that delay the release of laboratory results so that the patient’s clinician has an opportunity to review the results before potentially needing to respond to patient questions, or has an opportunity to communicate the results to the patient in a way that builds the clinician-patient relationship.

read more
Info Blocking Rules have you STRESSED?!! Join Helen O. for Two Not-to-Miss Workshops for Help!

Info Blocking Rules have you STRESSED?!! Join Helen O. for Two Not-to-Miss Workshops for Help!

by | Sep 23, 2020 | , , , ,

Join me for a pair of 1.5hr Information Blocking Workshops designed to work thorough the nitty-gritty details of the Information Blocking Rule.  The first Workshop will take place WEDNESDAY (9/30) so don’t delay! Workshops will include use cases and scenarios aimed at real challenges faced by health care providers looking to comply with these new regulatory standards for access and sharing of electronic health information. Registrants will receive 2 sample P&Ps, and much more!

read more
OCR Delivers a Quintuplet of HIPAA Resolutions – Sets the Tone for Providers Blocking Patients’ Access to PHI

OCR Delivers a Quintuplet of HIPAA Resolutions – Sets the Tone for Providers Blocking Patients’ Access to PHI

by | Sep 16, 2020 | , ,

Yesterday, all at once, OCR announced that it has entered into five new Resolution Agreements — each of them stemming from one or more violations of HIPAA’s right of  access afforded to individuals. There are several interesting observations about these new cases that are worth taking note of.

read more
Don’t Wait to Understand How “FHIR” Will Transform Health Information Exchange, or You’ll Feel the Heat When it Ignites!

Don’t Wait to Understand How “FHIR” Will Transform Health Information Exchange, or You’ll Feel the Heat When it Ignites!

by | Jul 14, 2020 | , ,

CMS & ONC have promulgated their Final Rules to implement the 21st Century Cures Act. A main goal is to accelerate the access, exchange and use of electronic health information (EHI).  One way this is being accomplished is to require certain entities and actors to provide Application Programming Interfaces (APIs) that use a new standard for data access and exchange called Fast Healthcare Interoperability Resources (aka “FHIR”).  These new standards for adopting FHIR for information exchange is expected to exponentially accelerate individuals ability to access and share EHI through mobile apps, as well as allow any third-party adopting such FHIR standards to obtain access to such EHI. Especially for HIPAA Privacy Officers, Security Officers, Compliance Officers and attorneys who have for years focused on ensuring that their organizations do not make the mistake of releasing protected health information to a third-party in violation of federal or state privacy and security laws, I feel your pain on FHIR! 

read more
Is Your Organization Ready to Send Patient Information to Apps by November?

Is Your Organization Ready to Send Patient Information to Apps by November?

by | Jun 19, 2020 | , , ,

Becker’s Hospital Review reported that 70% of CIOs are “concerned” about meeting the upcoming November 2nd deadline for complying with the Final Rules prohibiting information blocking practices. This is according to a survey conducted by CHIME, which included responses from executives at academic medical centers, critical access hospitals, multi-hospital systems and specialty hospitals.  Although the survey did not appear to identify specifically what concerns CIOs about complying with information blocking rules by this fall, one possibility is fully understanding how ONC’s information blocking rules will apply to releasing patients’ EHI to third-party apps.

read more
WEBINAR: Learn Which HIPAA Policies to Revise for ONC’s New Information Blocking Rule, Plus More!

WEBINAR: Learn Which HIPAA Policies to Revise for ONC’s New Information Blocking Rule, Plus More!

by | Jun 9, 2020 | ,

Join the NJ Chapter of HIMSS and Helen Oscislawski for this Webinar to get a lean and focused overview of what you need to do to comply with ONC’s and CMS’s final rules implementing the 21st Century Cures Act. On April 24, 2020, the OIG also released its Proposed Rule on CMPs to be imposed against Actors who engage in prohibited “Information Blocking.” These new rules turn on their heads certain HIPAA policies and procedures.

read more
Will ONC’s Final Rule put HIEs between a “Block and a Hard Place”?

Will ONC’s Final Rule put HIEs between a “Block and a Hard Place”?

by | May 18, 2020 | ,

Under the ONC’s Final Rule on Information Blocking, Health Care Providers, HIEs and HINs will be legally prohibited from interfering with the access, exchange, or use of EHI unless an exception applies. However, HIEs/HINs that are HIPAA Business Associates are not allowed to use or further disclose PHI other than as permitted or required by their HIPAA BAAs with respective health care providers. So, what happens if a Health Care Provider and its HIPAA Business Associate HIE/HIN disagree on whether an exception allows EHI to be withheld from access, exchange or use under a certain set of specific facts?

read more

Archives