On November 10, HHS’s Office of Civil Rights posted a new FAQ to its HIPAA FAQ. This one discusses how a State Medicaid plan and a Medicare Advantage plan may share PHI in order to identify dually eligible beneficiaries.
Click Here to go to the Office of Civil Rights HIPAA FAQ,
Permalink
There is an interesting dispute developing between JCAHO and AHA. It seems that JCAHO wants to get into the “data business.” Under this plan, JCAHO would use patient health information obtained as part of the hospital accreditation process to generate reports and other information for use by third parties. JCAHO’s proposal would have the hospital disclosing under the guise of accreditation, but the business associate agreement would give JCAHO freedom to use the information for purposes beyond accreditation, including generating reports and analyses for third parties.
AHA is, understandably, upset by this, because of the privacy concerns it creates and because, under a recent DOJ opinion, JCAHO will be immune from prosecution. For those of you who don’t know, in June the Department of Justice announced that only covered entities are subject to prosecution under HIPAA. In other words, the business associate may be liable under other laws, but not under HIPAA.
This is of interest to home health providers, because it may be a harbinger of similar dispute with home health providers. If JCAHO thinks there is value to it in providing a similar analysis of home health patient data, providers may soon be approached by JCAHO with a similar request to allow JCAHO to use home health agency patient data for research.
Permalink
The U.S. District Court for the Southern District of Illinois recently reiterated the Seventh Circuit’s position on discovery in federal question actions after HIPAA. In U.S. ex. rel., Anthony J. Camillo v. Ancilla Systems, Inc., (S.D. Ill. November 7, 2005), the Court addressed a hospital’s motion for a protective order that would have redacted the medical records provided to exclude any identifying information. The hospital’s basis for this request was a requirement in Illinois regarding non-party patient information. This Illinois law would require redaction before disclosure, which the hospital argued was more restrictive than HIPAA. The hospital reasoned that because Illinois state law required redaction the Federal court should require it as well.
The District Court, relying upon the 7th Circuit’s decision in Northwest Memorial Hospital v. Ashcroft, 362 F.3d 923 (7th Cir. 2004) ruled that the Illinois statute was not applicable to discovery in a federal court in which the case was based upon a question of federal law. Because the state privilege laws do not apply in federal courts, they cannot preempt HIPAA. Therefore, redaction was not necessary.
This ruling makes sense, because the preemption analysis is only necessary if the Illinois statute applies. However, federal courts rely upon federal common law, not state law when addressing questions of privilege and discovery. Furthermore, HIPAA was not intended to create a federal privilege against discovery. Under HIPAA, a non-party’s medical information may be disclosed to the litigants, as long as the required assurances are provided.
Permalink
