The Office for the National Coordinator (ONC) released a fact sheet on the Exchange for Health Care Operations (45 Code of Federal Regulations 164.506 (c) (4)) that clarifies the uses and disclosures of patient information and data exchange between provider sets/Covered Entities (CE). Protected Health Information (PHI) may be disclosed “for certain activities without first obtaining an individual’s authorization: including for treatment and for health care operations of the disclosing CE or the recipient CE when the appropriate relationship exists”.
Leveraging HIPPA can positively impact the delivery of integrated care and improve the function of provider sets invested and at risk for a continuum of care and the coordination of that care. This is extremely important in addressing care transitions and reducing gaps in care, particularly for vulnerable populations with high rates of avoidable readmissions due to poor care linkages. Other vulnerable populations include those with complex care needs that require an array of specialist care to avoid high cost acute care needs.
Recognized activities noted by ONC for permitted data exchange among CEs include:
- “Conducting quality assessment and improvement activities”
- “Developing clinical guidelines”
- “Conducting patient safety activities as defined in applicable regulations”
- “Conducting population-based activities relating to improving health or reducing health care cost”
- “Developing protocols”
- “Conducting case management and care coordination (including care planning)”
- “Contacting health care providers and patients with information about treatment alternatives”
- “Reviewing qualifications of health care professionals”
- “Evaluating performance of health care providers and/or health plans”
- “Conducting training programs or related activities”
- “Supporting fraud and abuse detection and compliance program”
CEs sharing PHI must establish the following three requirements:
- CEs must have a prior or present relationship with the identified patient
- The released PHI must pertain to the treatment relationship
- The disclosing CE must release only the minimum information required for the service care.
Once network relationships are identified and secured segregated data pulls are constructed with the data architecture identified detailing the specific PHI value, an integrated reporting platform is necessary to house and distribute the secured report. ONC recommends using Certified Electronic Health Record Technology (CEHRT), who have passed compliance standards for secured data exchanges. The key factor to these data platforms that truly leverage the delivery of integrated care is the ability to provide actionable data among CEs that allow ongoing performance measure, as well as direct reporting to support successful care transitions. All with the goal of better population health, one patient at a time.