Healthcare Information Security


AHA Urges Reduced Data Sharing Barriers in HIPAA Regulations

AHA wrote to Congress highlighting IT actions to reduce regulatory burdens on hospitals, including reduced data sharing barriers.


By Elizabeth Snell

Reducing data sharing barriers in current HIPAA regulations is just one way Congress can help reduce the regulatory burden on hospitals, health systems and patients, according to the American Hospital Association (AHA).

AHA highlighted several action areas in a letter to the House Ways and Means Health Subcommittee.

“The Subcommittee’s initiative aims to identify opportunities to reduce legislative and regulatory burdens on Medicare providers, thus improving the efficiency and quality of the Medicare program for seniors and individuals with disabilities,” AHA wrote.

Current HIPAA regulations restrict patient data sharing for “health care operations,” AHA noted. This can include quality assessment and improvement activities, such as outcomes evaluation.

“The challenge that strict regulatory prohibition poses in the integrated care setting is that patients frequently do not have a relationship with all of the providers among whom information should be coordinated,” the letter explained. “A clinically integrated setting and each of its participating providers must focus on and be accountable for all patients.”

All participating providers need to be able to share and conduct population-based data analyses to achieve meaningful quality and efficiency improvements, AHA added.

“Congress should require that the HIPAA medical privacy regulation enforced by the Office for Civil Rights permit a patient’s medical information to be used by and disclosed to all participant providers in an integrated care setting without requiring that individual patients have a direct relationship with all of the organizations and providers that technically ‘use’ and have access to the data,” the letter maintained.

Congress should also allow treating providers to access patients’ substance use disorder treatment records, according to AHA. The current restrictions on accessing this information are an obstacle to integrated patient care and could even endanger patients’ health.

Congress should enact the reforms included in the Overdose Prevention and Patient Safety Act (H.R. 3545) to fully align requirements for sharing patients’ substance use disorder treatment records with HIPAA regulations that allow the use and disclosure of patient information for treatment, payment and healthcare operations. Doing so would improve patient care by ensuring that providers and organizations who have a direct treatment relationship with a patient have access to his or her complete medical record.

AHA also urged Congress to cancel Stage 3 of Meaningful Use, claiming the requirements are excessive and serve “no clear benefit to patient care.”

“The Administration also should institute a 90-day reporting period in every future year of the program, eliminate the all-or-nothing approach, and gather input from stakeholders on ways to further reduce the burden of the meaningful use program from current requirements,” AHA wrote.

The electronic clinical quality measure reporting requirement should also be suspended, while Medicare coverage of telehealth services should be expanded.

The expansion can help patients in rural areas benefit from more care options, such as remote monitoring.

“We also urge Congress to work with the Administration and encourage them to expand Medicare coverage, such as by a presumption that Medicare-covered services also are covered when delivered via telehealth unless CMS determines on a case-by-case basis that such coverage is inappropriate,” AHA stated. “This change should extend to the Medicare Advantage (MA) program so that MA plans can make services delivered via telehealth available more broadly to their Medicare enrollees.”

Easing information sharing restrictions is not a new concept, and was previously discussed in a Subcommittee on Oversight and Investigations hearing in April 2017.

Healthcare stakeholders maintained that information sharing was essential in facing current cybersecurity threats, and that it would improve the public-private partnership.

National Health Information Sharing and Analysis Center (NH-ISAC) President Denise Anderson explained that information sharing protections must also be considered.

“One of the greatest challenges for the NH-ISAC and all ISACs is the lack of awareness amongst the critical infrastructure owners and operators, particularly the smaller owners and operators, that the ISACs exist and are a valuable tool,” Anderson explained. “Numerous incidents have shown that effective information sharing amongst robust trusted networks of members works in combatting cyber threats.”

External communications and coordination around cyber security threats, response, and best practices are also necessary for a proper risk management strategy, Anderson added.

“In other words, membership in an ISAC or ISAO is an essential element of a successful cyber risk management strategy,” she said. “Likewise, the most recent draft of the White House cybersecurity executive order calls for an assessment of how government can support critical sectors’ cyber risk management programs.”

