There are several questions here: Is this truly a HIPAA violation? Does it actually have anything to do with EHRs and Meaningful Use? From where does such misunderstanding emanate?
HIPAA.
Your legitimacy in viewing a patient's eRx history is not a function of the ability of the EHR to show it, but rather a function of your permission to do so. If you have obtained the patient's consent through her/his signature of your statement of HIPAA privacy practices, there is no violation of HIPAA. The Privacy Rule (full text available on the HHS website) sets rules and limits on who can look at and receive a patient's health information. Here are two relevant points for this discussion:
Your health information can be used and shared: (1) For your treatment and care coordination, and (2) To make sure doctors give good care and nursing homes are clean and safe.
Certified EHRs.
In the case under consideration, the management claimed other doctors had completed Meaningful Use Attestation and had not needed to view the patient's medication history.
While it is a true statement that no MU objective requires an Eligible Professional to look at a patient's eRx history, a certified Complete EHR must embed an e-prescribing solution. It is not acceptable to use a standalone e-prescribing solution when the EHR being used for Attestation is a Complete EHR.
We must also ask the question, could an EHR be certified by the Office of the National Coordinator if its use constituted a HIPAA violation?
Misunderstanding.
The management in question above further insisted that the doctor provide a statement of proof of necessity along the lines of "The doctor must attempt to get a patient's history of medications and allergies through the eRx software."
In our opinion, this is a misunderstanding of the privacy rule, pitting HIPAA against MIPPA. Yes, it is valid to seek to protect patient privacy. However, as seen above in the HHS rule, health reform is about improving treatment and care coordination. A doctor can only be alerted to medication allergies and contraindications if other medications are known.
Protected Health Information is protected for a reason, but "protecting" patients against those whom they have chosen to ensure their treatment and care coordination is indeed a misunderstanding of both the letter and the spirit of the health laws.
Alistair Jackson, M.Ed.
Jim Grue, O.D.