HIPAA does not impact data sharing for quality assessment, says ONC

The Office of the National Coordinator for Health IT continues to spread the word that HIPAA does not hinder data exchange for healthcare operations, including for quality assessment and quality improvement activities, according to its latest blog post on HIPAA and interoperability.

In its fourth and last blog post in this series, Lucia Savage, ONC's chief privacy officer, and Aja Brooks, ONC privacy analyst, provide practical examples and illustrations of permitted uses and disclosures under HIPAA to carry out quality improvement activities. For instance, a provider who needs to know the health outcome of a patient she no longer has contact with for a quality review can contact another provider or query her health information exchange.

In a more complicated example, providers in an accountable care organization (ACO) with members operating as an Organized Health Care Arrangement (OHCA) may permit the ACO quality committee access to their patients' protected health information, say to review the treatment and health outcomes of ACO patients who experienced hospital-acquired infections or surgical errors.

If the providers are not in an OHCA, the ACO quality committee can still have access to the PHI for the quality assessment but only for patients who the providers have in common, not all patients in the ACO.  

The blog post also explains that providers and plans can share information for population-based activities.

"Unaffiliated hospitals in the same community often see the same patients and may not be able to tell whether a patient's hospital-acquired infection resulted from care received at the current treating hospital or from a prior visit to a separate hospital in the community. The hospitals that have treated or are treating the patient may use Certified EHR Technology to share relevant PHI to try to determine the source and/or cause of the infection in order to prevent further infections," Savage and Brooks write. 

The ONC and the Office for Civil Rights have been trying to allay fears among covered entities that HIPAA prevents them from exchanging patient data. It is expected that this additional guidance will reduce confusion and information blocking.

To learn more:
- read the blog post