State privacy regulations and the Health Insurance Portability and Accountability Act (HIPAA) are making it more difficult for health information exchanges (HIEs) to send and receive patient data, especially during the COVID-19 pandemic, according to an article written in the Journal of Informatics in Health and Biomedicine.
During a pandemic such as COVID-19, a patient may be forced to attend several different health systems to get access to care.
The patient may have a screening at one health organization via telehealth and then a COVID-19 test at a separate organization. The patient could then have a follow-up appointment at a primary care clinic, before being admitted to a hospital with sufficient capacity.
For the patient’s data to be exchanged to multiple providers, a secure health information exchange is crucial.
But as the virus continues to spread, disjointed care processes – such as telehealth, drive-through testing, remote testing, and field hospitals – challenge the healthcare system. To add insult to injury, it’s hard for medical professionals to keep track of varying privacy rules governing data exchange.
“The current mix of state and HIPAA privacy regulations poses a confusing maze of barriers to effective HIE for patient care,” wrote the authors. “Urgent action is necessary to ensure regulations that are designed to preserve privacy and move toward a more balanced footing that emphasizes continuity of care.”
HIPAA’s Privacy and Security laws allow stricter state laws to supplant the federal law. Thus, it falls on Health and Human Services (HHS), along with the state attorneys general, to prosecute infractions that are made by health organizations.
“This tangle of federal and state laws makes identifying and complying with general information exchange and consent laws an onerous undertaking, frequently leading organizations to the conclusion that data sharing via HIE is legally and financially so difficult as to often be prohibitive,” they continued. “In an emergency setting, we need to drastically reduce the barriers to frictionless HIE: one law of the land for COVID-19–related data.”
The authors say there are three actions to ensure patient privacy, while also opening up the legal barriers of HIE.
First, they say lawmakers must enact HIPAA’s complete federal prevention of both data sharing and consent laws. This means during COVID-19, health systems will not require opt-in consent to exchange patient data.
“This approach may appear extreme, but it holds the most promise for balancing the needs of immediate sharing of information, appropriate protection of PHI, and presenting a clear and definitive statement to healthcare providers and the general public alike,” they wrote.
Next, the authors say the Office for Civil Rights (OCR) should create a universal business associate agreement (BAA) that allows healthcare organizations to adopt HIE during COVID-19. A default BAA would allow quick data interoperability between organizations and support HIE.
Finally, the authors say public health officials should have complete EHR access for patients with COVID-19, eradicating minimum data requirements.
While HIPAA and state laws protect patient health data, these laws may make it more difficult for health organizations to exchange data, the authors said.
And with different states having different laws, it could impact how public health leaders track the spread of the virus.
Organizations from neighboring states may need to work together and collaborate for enhanced patient care, which is difficult when states have a different set of privacy laws during the pandemic.
“Patients may not be able to choose the provider doing follow-up care, and delays and overhead in information transmission might compromise the effectiveness of the care system,” wrote the authors. “Public health needs access to new types of information in cellular providers’ data systems in order to drive its response.”
“Further, we need to mobilize the full spectrum of researchers to understand and address the challenges posed by the epidemic,” the authors concluded. “Use of emergency federal powers to create a unified framework for data exchange about the epidemic and research is an essential step toward effective response to the challenges we currently face.”
Reference:
https://ehrintelligence.com/news/hipaa-state-laws-hamper-patient-data-exchange-during-covid-19
