
Navigating The Complex Healthcare Data Sharing Landscape

Balancing HIPAA Compliance And Information Blocking

Posted by Anthony Gomes on March 07, 2024

Portions of this content first appeared in Healthcare Business Today.

Responsible data sharing can be a real challenge: you've got to thread the needle, protecting patient privacy without preventing too much data from going through.

After decades of focusing on protecting patient privacy, leaders leaning too heavily on the Health Insurance Portability and Accountability Act (HIPAA) could soon face consequences for information blocking.  

HIPAA, enacted in 1996, sets the standard for the protection of patient information and provides individuals with certain rights regarding their health information. Compliance with HIPAA is non-negotiable for healthcare entities, as violations can lead to severe consequences, including hefty fines, damage to reputation, and even investigation by the Department of Justice. 

It’s enough to make anyone lock down their data and prevent the release of any information. But that’s not a good idea, either. The 21st Century Cures Act, passed in 2016, aims to eliminate information blocking and promote interoperability among health information technologies. Failure to comply with these regulations can also result in penalties and legal repercussions. 

That leaves leaders at health plans, providers, and digital health companies with the responsibility of balancing the exposure and risk of sharing the right information in the right ways. 

The Conflict: Patient Privacy vs. Information Blocking

The conflict between HIPAA’s emphasis on restricting information and interoperability’s goal of promoting information sharing can pose a real challenge. HIPAA’s primary focus is on limiting access to patient data to authorized individuals, ensuring the privacy and security of sensitive health information. In contrast, interoperability aims to break down data silos and facilitate seamless information exchange for better-coordinated patient care. 

Earlier this year, the US Department of Health and Human Services (HHS) proposed new rules to disincentivize information blocking. The proposed consequences include substantial fines on healthcare entities found guilty of obstructing the exchange of electronic health information.

Additionally, there may be legal actions taken against organizations that engage in practices hindering interoperability, reflecting a commitment to enforcing penalties that align with the severity of such violations. 

These proposals increase the stakes for hospitals thinking through their data infrastructure strategies. We’ve pulled together some ideas for those looking to increase data flows between organizations. 

We previously shared our strategies for striking the balance in an article we published in Healthcare Business Today. We'd encourage you to read it for greater detail. Those strategies focus on six key areas:

1. Granular Consent Mechanisms 
2. Role-Based Access Control
3. Secure Cloud-Based Platforms
4. Transparent Communication With Patients
5. Standardization Of Data Formats
6. Regular Audits And Monitoring

Striking the right balance requires continuous vigilance and a commitment to providing high-quality, secure, and interoperable patient care. By navigating this terrain effectively, healthcare entities can ensure compliance with regulatory requirements while harnessing the benefits of improved information exchange for the betterment of patient outcomes. 

 
