Privacy laws complicate ACO efforts to share information freely
February 1, 2014 in Medical Technology
Data sharing is the lifeblood of accountable care organizations. As inpatient and outpatient providers work together to coordinate care for cost savings and improved outcomes, more and better information is critical to success.
But with more information comes more risk. In the education session “Coordinating Privacy and Security in ACOs,” on Tuesday, Feb. 25, from 1-2 p.m. in room 208C, attorney Adam H. Greene, an expert on HIPAA and HITECH, will offer his advice for making sure ACOs – with their massive amounts of patient data, both in motion and at rest – comply with tricky federal and state privacy laws.
Greene’s session will take a look at issues such as organized health care arrangements, restrictions on sensitive categories of information, business associate arrangements and more. He’ll offer suggestions for reconciling the spirit of ACOs with the letter of HIPAA law, pointing out the opportunities and limitations of health information exchange.
No question, these are complicated undertakings, said HIMSS director of Privacy Security Lee Kim. With ACOs, “You’ve got a boatload of information,” she says.
Moreover, it’s information “that’s very valuable, that may contain financial information, or may contain individually identifiable health information,” she said. “It might be sensitive information that certain states might consider to be super protected,” such as drug and alcohol abuse, HIV/AIDS or mental health status.
Add to that the fact that ACOs are “very highly regulated, and you have this complex dynamic going on,” said Kim. For instance, “HIPAA will allow you to do some things, but if you’re in a HIPAA-plus state where the information might be a sensitive category of medical information, even though HIPAA might allow you to do that data sharing, state law will require you to get an individual’s authorization or consent to share it.”
That makes for an “interesting tension,” she said: federal law permits it, but state law restricts it.
Whatever the state, wherever the organization, it’s crucial that ACOs “navigate carefully what they can and can’t do, and look at laws and regulations carefully,” said Kim.