Interoperability Regulations and the Effects on Health Information Management

March 30, 2023
MRO Privacy

In January 2023, the Health Data Management COVER story focused on the future of interoperability. As a follow up to this cover story, I wrote a guest article for them entitled 3 specific areas of data sharing to clarify and consider in 2023. Key takeaways from my article include:

Definitions and data sharing parameters for substance abuse must be revamped.

Two issues are beleaguering progress around substance abuse data sharing.

  1. HIPAA (where current rules lie) versus a proposed new rule allowing enhanced data sharing through a one-time permission granting by the patient. These two rules are at odds with each other, so that must be ironed out.
  2. Definitions of key terms within the two rules don’t match. Again, this must be rectified before moving forward with proposed changes in order eliminate all causes for possible confusion.

Reproductive health data protections need particular attention.

New rules and laws are making this a difficult topic to address for a few reasons.

  1. There is no definition of “reproductive health data” included in most of the rules and laws we’re seeing pass.
  2. Health information which many would consider “reproductive health data” is woven throughout a patient’s health record; there’s no one spot for it in an EHR. This makes it nearly impossible to pull out and/or segment.
  3. Decisions on how to redact this sensitive information must be decided on a state-by-state or even facility-by-facility basis.

Concerns about prior authorization changes should be raised.

Streamlining prior authorizations sounds like a fantastic idea on the surface, but…

  1. Real issues arise when one considers the APIs involved in the process. Without a full understanding of how information garnered through an API will be used, a patient may grant access to their health information being sold or used in marketing efforts.
  2. APIs add another layer of access to data that could be compromised, especially if that API is not governed by HIPAA.
  3. To add to the issue, the FTC, who is supposed to have governance in this arena, has never been granted full authority to enforce penalties.

In summary, while we’ve made real strides toward interoperability and responsible patient data sharing, there’s still work to be done. I, for one, am excited to see what’s next and how this can become second nature in the healthcare industry.

Newsletter Sign-Up

Recent Posts

Navigating the CMS 2025 Physician Fee Schedule Final Rule

Navigating the CMS 2025 Physician Fee Schedule Final Rule

The Centers for Medicare & Medicaid Services (CMS) 2025 Physician Fee Schedule (PFS) Final Rule brings notable updates to the Quality Payment Program (QPP), which will impact eligible clinicians, groups, virtual groups, subgroups, and APM entities. Whether you’re...

What is HEDIS? The Basics, Objectives and Significance

What is HEDIS? The Basics, Objectives and Significance

One of the most important tools utilized by payers across the country is the Health Effectiveness Data and Information Set (HEDIS), which is maintained by the National Committee for Quality Assurance (NCQA). HEDIS is a measurement set used to determine the efficacy of...