EHR users could have trouble with new HIPAA provision

The new requirement in the HIPAA omnibus rule requiring providers to keep a patient's treatment from his health plan may be the new rule's "trickiest" provision for electronic health record users, according to a recent HealthcareInfoSecurity article.  

The rule, issued Jan. 25, requires providers to restrict disclosures of treatment to payers at the patient's request if the payment for the treatment is fully paid for out of pocket. The rule requires the patient's record to be "flagged" so that such disclosure does not occur.

However, complying with the rule may be particularly burdensome to EHRs users, since such tools currently don't have the capability to segregate that data to keep it from being submitted when sharing other parts of the record with the plan, say, for an audit. There also are concerns about how to flag the record itself when using an EHR, because there is no such designated field for that.

Private and public entities, such as the U.S. Department of Veterans Affairs and the U.S. Department of Health & Human Services, have been working on technical advances to segregate electronic information involving meta data tagging. Last September, the VA's Substance Abuse and Mental Health Services Administration successfully demonstrated the confidential data sharing of sensitive electronic patient information using tagging of sensitive data to ensure privacy.  

EHRs play a prominent role in implementation of the new HIPAA rule. HHS acknowledged the relationship between the new HIPAA requirements and health IT, specifically referring in its announcement of the rule the need to protect patient information "in an ever expanding digital age."

To learn more:
- read the article