Before the release of the omnibus privacy rule earlier his year, or passage of the more stringent privacy provisions of the American Recovery and Reinvestment Act of 2009, or even the main federal health information privacy law, the Health Insurance Portability and Accountability Act of 1996, there were state, federal and common law provisions in full force about the handling of particularly sensitive patient information.
That special class of patient information includes patient records about treatment for drug and alcohol abuse, mental health, HIV/AIDs and sickle cell.
A workgroup of the federally chartered Health IT Policy Committee spent the better part of an hour Tuesday going over its recommendations on how to handle the legal and ethical privacy concerns over the exchange of digitized patient records. The gnarliest problem, evidenced by the longest discussion, related to the exchange of these particularly sensitive types of patient information, some with unique legal protections that are far more stringent than the rather lax restrictions under the current HHS interpretation of HIPAA.
Recommendations to the HITPC by its privacy and security tiger team, as the workgroup is officially called, were formally accepted for two of three classes of exchange. From there, they will be forwarded to the Office of the National Coordinator for Health Information Technology at HHS. The HITPC was created by the American Recovery and Reinvestment Act of 2009 to give such advice to the ONC.
Approved were recommendations on routine, “targeted” exchanges between providers with established relationships, exchanges in the paper world long since covered by HIPAA. In these transactions, after a 2002 HHS rewrite of the HIPAA privacy rule, patient consent is no longer required when the exchange occurs for treatment, payment and—this is where the laxity comes in—a host of “other healthcare operations.”
Read more »
Permalink | Post a Comment
