The Office of the National Coordinator for Health Information Technology (ONC) has launched a new four-part blog series to explain how the Health Insurance Portability and Accountability Act (HIPAA) not only protects personal health information from misuse, but also allows health information to be accessed when it is needed for patient care.
ONC released two new fact sheets with examples of when electronic protected health information (PHI) can be exchanged without a patient’s authorization under certain conditions. HIPAA provides many pathways for permissibly exchanging PHI. The fact sheets provide examples of actual scenarios to show how HIPAA supports the sharing of PHI for patient care, quality improvement, population health, and other activities.
The blog series discusses permitted uses and disclosures, and it gives examples of exchanges of health information for care coordination, care planning, and case management, both between providers and between provider and payers. The blog also provides examples of interoperable, permissible exchange of PHI for quality assurance and population-based activities. (The blog is available at http://tinyurl.com/hhsfpkj. For more on misuse of HIPAA and what is allowed, see “Denying release of PHI can be a HIPAA violation,” Healthcare Risk Management, March 2016, at http://tinyurl.com/jdo9tb4.)