Full text

PRACTICE BRIEF

practice guidelines for managing health information

THE PRIMARY FUNCTION of a health information exchange (HIE) is to permit access to clinical information on demand at the point of care. HIEs enable health information to be exchanged electronically between disparate healthcare information systems while ensuring information integrity. HIEs may also provide a structure for purposes like public health reporting, clinical quality measurements, biomedical surveillance, and consumer health informatics research.1

A successful HIE depends on trust between the patient, the healthcare provider, and the HIE. In order to build trust, HIEs must develop and implement policies and procedures guiding their operations, including how they will maintain and secure protected health information (PHI).

This practice brief identifies the policies, procedures, and best practices essential for successful HIE management and operations. It serves as a resource and reference guide for HIM professionals and subject matter experts involved with HIEs. (Appendix A in the online version of this practice brief provides a glossary of terms commonly used in HIEs.)

Federal Rules and Regulations That Affect HIE

Many federal laws and regulations govern the exchange of PHI. The Privacy Act of 1974, HIPAA, and the HITECH Act all include provisions to safeguard the confidentiality and integrity of PHI. HIEs must review every federal law and regulation that affects their operations to ensure compliance.

The HITECH Act expands the current federal protections for the privacy and security of PHI under HIPAA.2 It requires business associates comply with HIPAA, an obligation that originally was restricted to covered entities. It also extends business associate status to HIEs and authorizes state attorneys general to enforce HIPAA by initiating lawsuits on behalf of victims of security breaches.

Other federal laws and regulations that affect the exchange of health information include the Medicare Conditions of Participation, the federal regulations regarding Confidentiality of Alcohol and Drug Abuse Patient Records, the Family Educational Rights and Privacy Act, the Gramm- Leach- Bliley Act, and the Food, Drug, and Cosmetic Act.

There should be few conflicts among these laws; however, when state laws do conflict with federal laws, pre-emption applies. HIEs must consult with legal counsel to ensure appropriate compliance is met.

Resolving State Laws That Affect HIE

Many states have enacted their own, more stringent laws to govern...