Your exclusive source for all Medicare and Medicaid information with emphasis on the critical issue of payment, the CCH Medicare and Medicaid Guide offers comprehensive, full-text reporting of federal Medicare and Medicaid law and regulation provisions and summary reporting of state Medicaid programs. It provides complex reimbursement, prospective payment, eligibility and coverage rules for health care professionals and suppliers of health services, plus federal laws and regulations, manuals, and forms.
Learn More »Health information exchanges (HIE) and health care providers reported that: (1) they implement disclosure practices for safeguarding personal information to help ensure the appropriate use and disclosure of electronic personal health information (PHI) for treatment purposes, and (2) electronic sharing of health information has a positive effect on the quality of care, according to the Government Accountability Office (GAO).
The “Fair Information Practices” are used as a framework for protecting personally identifiable information such as PHI. The core elements of the Fair Information Practices are reflected in the HIPAA privacy and security regulations and seven key practices, to wit: (1) informing individuals about the use of their information and how it is to be protected; (2) obtaining individual consent; (3) facilitating individual access to and correction of records; (4) limiting use and disclosure to a specific purpose; (5) providing security safeguards; (6) ensuring that data are accurate, timely, and complete; and (7) establishing accountability for how personal information is protected.
The providers and HIEs implemented the seven key practices to varying extents. With respect to patient access to their PHI, most providers stated that they require patients to request access in writing and to view or obtain their PHI in person. The providers also require patients to submit a written request for a correction in most cases.
All of the HIEs and providers reported that they limit disclosures by implementing role-based access controls through their systems. For uses of PHI other than treatment, the HIEs and providers limit disclosure of PHI to the purposes allowed by HIPAA, such as reporting de-identified health data to public health agencies to track diseases.
The HIEs and providers implement various provisions to secure PHI against improper use and disclosure. To ensure that the data are accurate and complete, the HIEs reported that they perform data quality testing prior to incorporating providers' data into their systems. The HIEs generally rely on their providers to ensure the accuracy and completeness of PHI.
The HIEs and providers reported similar steps to establish accountability for how PHI is protected. All of the HIEs have included in their agreements with participating providers procedures for appropriate disclosure and consequences for the improper use of PHI. Similarly, all of the providers stated that they took steps to train staff on privacy and security polices.
GAO Report, No. GAO-10-361, Feb. 1, 2010.
CCH® ChargeMaster Comply™
Automating your Hospital ChargeMasterCCH® ChargeMaster Comply™ is an internet-based hospital assistant for maintaining a Charge Description Master. Learn More » |
Medicare and Medicaid GuideOffers comprehensive, full-text reporting of federal Medicare and Medicaid law and regulation provisions and summary reporting of state Medicaid programs. Learn More » |
