Deciding whether “to block, or not to block” health information based on an exception laid out in ONC’s Final Rule can quickly turn into a Shakespearean tragedy unless Actors understand in advance the specific criteria that must be met in order to satisfy any such applicable exception.
As part of its comprehensive COVID-19 response, Congress quietly passed through changes to the federal drug and alcohol confidentiality framework known as “Part 2” under the CARES Act, enacted on March 27. One of the more underreported components of the CARES Act, the changes do not completely overhaul the Part 2 regulations, however, they relax several restrictions that health care providers have struggled with, particularly in the electronic exchange and electronic health records (“EHR”) context (the “CARES Act Changes”).
Under the ONC’s Final Rule on Information Blocking, Health Care Providers, HIEs and HINs will be legally prohibited from interfering with the access, exchange, or use of EHI unless an exception applies. However, HIEs/HINs that are HIPAA Business Associates are not allowed to use or further disclose PHI other than as permitted or required by their HIPAA BAAs with respective health care providers. So, what happens if a Health Care Provider and its HIPAA Business Associate HIE/HIN disagree on whether an exception allows EHI to be withheld from access, exchange or use under a certain set of specific facts?
On April 9th, HHS announced a new Notification of Enforcement Discretion Regarding COVID-19 Community Based Testing Sites. The Notification of Enforcement Discretion has a retroactive date to March 13, 2020. The HHS Notification informs the public that it is exercising its discretion...
SAMHSA Public Session to Discuss Part 2 Regulations & HIE The Part 2 regulations which govern and protect information created by drug and alcohol rehabilitation providers have caused challenges for electronic health information exchange ever since HIE became a household term (….ok, well at...
OCR Releases HIPAA De-identification Q&A Guidance With the weekend coming up, why not take a break from the holiday frenzy and read through OCR’s new HIPAA De-identification guidance. The approximately 30-page guidance document is an easy read, even for those of us who aren’t...
We “Like” Organ Donor Status on Facebook This post has been prepared by Christina Strong, Esq. The addition of “organ donor status” to Facebook is a tremendous boon for the communication of what is fast becoming a social norm, altruistic donation of one’s body, to take place after death. Unlike...
Grantees of HIE Funds Get “PIN-ned” on Privacy, Security and Patient Consent On March 22, 2012 HHS/ONC released a new Program Information Notice (PIN) called the “Privacy and Security Framework Requirements and Guidance for State Health Information Exchange Cooperative Agreement Program” (P&S...
When DHHS published its Proposed ACO Rule in April 2011 and then the Final ACO Rule in November 2011 (I’ll refer to them as the “ACO Rules”), discussions focused predominately on issues such as who is “qualified” to participate, what the required governance structure should be, what methodology will be used to assign Medicare beneficiaries, and what the payment models will be. However, as I digested the ACO Rules, my reading deliberately slowed down as I zeroed in on the not unremarkable language and comments CMS included with regard to sharing individually identifiable health information in the ACO context.
California HIE Demonstration Projects to Move Ahead with Opt-In Framework This past Wednesday, the California Office of Health Information Integrity (CalOHII) released a comprehensive whitepaper examining patient consent and other HIE framework efforts for entities participating in the...
Supreme Court to Hear Arguments on Suit for Damages under the Privacy Act The Supreme Court is scheduled to hear oral arguments tomorrow, November 30, in a suit for damages under the Privacy Act stemming from a wrongful disclosure of confidential information. Federal Aviation...
This article discusses generally certain legal and other challenges that networked HIE presents, as well as the effort of one HIE initiative that is looking to implement a technical solution to “segment” sensitive data and place it behind additional technological safeguards.
ONC’s Model PHR Notice Now Available to Vendors Following the release of its Federal Health IT Strategic Plan, the Office of the National Coordinator (ONC) has made available a Personal Health Record (PHR) Model Privacy Notice for PHR vendors to use in communicating their data practices...
Helen to Speak on Solving Privacy Dilemmas with Health Information Exchange at national Health Care Info Privacy Forum To Register, click here.
U.S. Supreme Court Strikes Down Vermont’s Prescription Drug Data Mining Ban Law Last Friday, the United States Supreme Court struck down the Vermont Prescription Confidentiality Law allowing prescriber-identifying information to be sold and disclosed by pharmacies and pharmaceutical...