HIPAA compliance and meaningful use

As you may know, there are more than a few federal agencies that impact HIPAA and its compliance. Two or the most important are the Office for Civil Rights, known by its acronym OCR, and The Office of the National Coordinator, its acronym is ONC.

OCR writes and enforces the HIPAA Privacy, Security and Breach Notification Rule. OCR is also responsible, along with the Centers for Medicare and Medicaid (CMS), for the Meaningful Use Rules and Standards.

One of the major things that meaningful use is about is gaining more “real” interoperability between and amongst the electronic records and there systems, ePHI, that is still distributed in SILOS across the healthcare industry!

Until February 2016 the HIPAA guidance on privacy, security and breach notification was all written and posed ONLY by OCR. Last month ONC posted four very good blogs on HIPAA compliance as it relates to Meaningful Use.

Remember, all three stages of Meaningful Use require the providers and hospitals that have received or will receive EHR $$$$ must do HIPAA compliance not only within the HIPAA Rules and the Meaningful Use Rules.

The blogs, in order of publication, are:

All four blogs include practical and real life examples, figures and rule citations. Plus, they are written in understandable words and terms, not in either legalese or technical-ese.

The interoperability blog includes information in the following areas:

For Healthcare Operations

  • Case management
  • ACOs, and
  • Population–based activities

For Treatment

  • Hospital and treating physician
  • Physician and care planner, and
  • Hospital to hospital transfer

The permitted uses and disclosures blog deals with the Privacy Rule requirements and the sharing of PHI and ePHI in the new digital environment, including:

  • Quality assessment and improvement activities
  • Patient safety
  • Reviewing healthcare professional qualifications
  • Evaluating provider and health plan performance, and more

In the third blog about care coordination, planning and management are excellent diagrams, and well as information for:

  • Provider care coordination
  • Provider care planning, and
  • Case management

The last blog addresses population-based activities, including, within and through:

  • HIE
  • ACO, and
  • With multiple-provider quality assessment activities

All of the information within the blogs is very good information for any provider, health plan, clearing house or business associate to use as both training material, and to augment your organization’s current HIPAA documentation.