Be wary of legal pitfalls when joining an HIE

One of the biggest draws of adopting electronic health records is the ability to share patient information electronically via health information exchanges (HIEs) cropping up across the country. However, there are legal considerations that providers should be aware of when joining an HIE, according to an article in the October 2011 issue of the Journal of AHIMA.

One of the most important legal concerns is the use of a good data use and reciprocal support agreement (DURSA) between the HIE and the healthcare organization to outline how to exchange information, as well as what do to when something goes wrong, article author Chris Dimick points out. A DURSA is a trust agreement developed by the government for the National Health Information Network (NHIN); however, many HIE's have not implemented a DURSA-based agreement, according to the article. Some of the DURSA provisions that should be in an agreement between an HIE and a provider include:

  • A code of conduct;
  • An oversight process to ensure compliance with the agreement;
  • A list of consequences for failing to uphold the agreement. 

There are additional legal issues that should be addressed, Dimick stresses. For instance, the parties to the contract need to comply with HIPAA, as well as state privacy and security laws. The contract also should protect the provider's intellectual property rights, since sometimes intellectual property is exchanged along with patient records, which can negate those rights.

What's more, healthcare organizations should check with their EHR vendors to make sure that they can share information with the HIE without violating any rights the vendor might have in its propriety software.           

To learn more:
- read the AHIMA article (.pdf) 
- check out this article from the American Bar Association Health Law Section