As you may know, there are more than a few federal agencies that impact HIPAA and its compliance. Two or the most important are the Office for Civil Rights, known by its acronym OCR, and The Office of the National Coordinator, its acronym is ONC.
OCR writes and enforces the HIPAA Privacy, Security and Breach Notification Rule. OCR is also responsible, along with the Centers for Medicare and Medicaid (CMS), for the Meaningful Use Rules and Standards.
One of the major things that meaningful use is about is gaining more “real” interoperability between and amongst the electronic records and there systems, ePHI, that is still distributed in SILOS across the healthcare industry!
Until February 2016 the HIPAA guidance on privacy, security and breach notification was all written and posed ONLY by OCR. Last month ONC posted four very good blogs on HIPAA compliance as it relates to Meaningful Use.
Remember, all three stages of Meaningful Use require the providers and hospitals that have received or will receive EHR $$$$ must do HIPAA compliance not only within the HIPAA Rules and the Meaningful Use Rules.
The blogs, in order of publication, are:
- Blog post 1: The Real HIPAA Supports Interoperability
- Blog post 2: Permitted Uses and Disclosures
- Blog post 3: Care Coordination, Care Planning, and Case Management Examples
- Blog post 4: The Real HIPAA: Quality Assessment/Quality Improvement and Population-Based Activities Examples
All four blogs include practical and real life examples, figures and rule citations. Plus, they are written in understandable words and terms, not in either legalese or technical-ese.
The interoperability blog includes information in the following areas:
For Healthcare Operations
- Case management
- ACOs, and
- Population–based activities
- Hospital and treating physician
- Physician and care planner, and
- Hospital to hospital transfer
The permitted uses and disclosures blog deals with the Privacy Rule requirements and the sharing of PHI and ePHI in the new digital environment, including:
- Quality assessment and improvement activities
- Patient safety
- Reviewing healthcare professional qualifications
- Evaluating provider and health plan performance, and more
In the third blog about care coordination, planning and management are excellent diagrams, and well as information for:
- Provider care coordination
- Provider care planning, and
- Case management
The last blog addresses population-based activities, including, within and through:
- ACO, and
- With multiple-provider quality assessment activities
All of the information within the blogs is very good information for any provider, health plan, clearing house or business associate to use as both training material, and to augment your organization’s current HIPAA documentation.