The fast-moving concept of interoperability has left much of the community awestruck and wondering how to keep up. As a busy healthcare professional, you’re inundated with news, trends and the need to stay ahead of advancements, both in terms of the technology as well as mandates. We love that our catbird seat in the industry allows us to share insights on interoperability, Cures Act, TEFCA and the like with you!
Regarding interoperability, there are a few things you need to know. Your connections to health information exchanges (HIEs) and your EHR interoperability capabilities can help to improve efficiency and ensure your compliance with pay-for-performance initiatives (MACRA/MIPS), the Cures Act, etc. For our clients, DataFile is actively working on their behalf with HIE connections and EHR vendors to ensure their adherence with these initiatives. We’re also working with national organizations like CommonWell and Carequality to improve ROI efficiencies and continue to keep the cost down for all providers. While change is slow at this point, it’s steady, and more velocity is on the horizon in years to come.
While some of these interoperability initiatives seem to only add burden, we hope that by working together with providers we can turn them into a positive. Allowing PHI to flow from secure sources other than your office is a tremendous value to you. Your EHR or HIE may offer population health data distribution, payer chart extraction, or other data distribution such as release of information. As long as the entity is taking on the liability and indemnifying you, you can feel confident in leveraging interoperability functions wherever possible. Just like a business associate relationship, HIPAA regulations[i] allow you to outsource this records release functionality to them. With that we say, “Go for it!” Get this burden off your organization. Sign up and say yes wherever you can!
We tend to get two common questions regarding interoperability and how it impacts the fulfillment of records requests. All good news for you!
- As it relates to records being exchanged via interoperability, what is my responsibility for verifying the validity of a HIPAA authorization for requests that require them[ii]?
- Your agreements with a Business Associate like DataFile as well as any HIEs or EHR vendors will indemnify you, meaning you do not need to bear this burden of authentication. As your business associate, we are legally obligated to act on your behalf and would continue to do so to ensure compliance.
- Do I have to have a copy of the authorization in my system as “proof” of compliance?
- NO!3 The great news is the authorization can live in any system that can be audited and does not have to be filed in your system as a part of your designated record set (DRS) so you can relinquish the burden of filing and storing them. The Cures Act and TEFCA also provide you relief from this burden.
Soon many requests will have to fulfilled via interoperability by law. DataFile works with national requestors, HIEs and EHRs in advancing interoperability efforts on our clients’ behalf. The type of requests NOT in consideration for interoperability are litigation, subpoenas and the like. Those remain business as usual with your oversight and our support as you see fit.
We’re excited about the future of interoperability and believe it provides healthcare organizations with much needed relief from the administrative burden of complying with and fulfilling the rapidly changing interoperability standards.
2 45 CFR 164.508
3 AHIMA. “Fundamentals of the Legal Health Record and Designated Record Set.” Journal of AHIMA 82, no.2 (February 2011): expanded online version (classifying authorizations for the release of information as administrative data excluded from the definition of a designated record set).