Although providers are sometimes hesitant to share patient information because of legal concerns, HIPAA does not prohibit payers and providers from sharing data to develop clinical best practices. But there are several nuances hospitals should be aware of, according to two privacy attorneys.
Specifically, agreements that compensate providers for protected health information (PHI) could be problematic.
HIPAA allows hospitals to share PHI to develop clinical guidelines, improve outcomes for certain populations or develop protocols, but providers often shirk the idea of sharing information out of concerns that they will run afoul of the law, Reece Hirsch and Andrew Ruskin, partners at Morgan Lewis in San Francisco wrote in a blog post.
In a hypothetical scenario posed by the attorneys, a healthcare system could make PHI accessible to other provider or payers on a cloud-based platform to develop clinical protocols.
But providers need to be aware of information sharing arrangements that might implicate a provision of HIPAA that prohibits organizations from selling PHI.
Although a health plan could cover any costs the hospital incurs in organizing the data, a “lucrative provider agreement,” or even a joint venture that offers a small return in exchange for information sharing could violate the law.
Some researchers have wondered whether HIPAA needs an update to keep pace with a rapidly evolving industry that is more focused on data than ever before. Still, payers and providers are finding new ways to engage in data partnerships as a way to advance value-based payment models.