Health Information Technology
- May a health information organization (HIO) manage a master patient index on behalf of multiple HIPAA covered entities?
- In an electronic health information exchange environment, what is a designated record set for purposes of an individual’s right of access under the HIPAA Privacy Rule?
- Who has the right to consent or the right to request restrictions with respect to whether a covered entity may electronically exchange a minor’s protected health information to or through a health information organization (HIO)?
- Can a covered entity use existing aspects of the HIPAA Privacy Rule to give individuals the right to decide whether sensitive information about them may be disclosed to or through a health information organization (HIO)?
- Does the HIPAA Privacy Rule allow covered entities participating in electronic health information exchange with a health information organization (HIO) to establish a common set of safeguards?
- How may the HIPAA Privacy Rule’s minimum necessary standard apply to electronic health information exchange through a networked environment?
- What is a covered entity's liability under the HIPAA Privacy Rule for sharing data inappropriately to or through a health information organization (HIO) or other electronic health information exchange network?
- Does the HIPAA Privacy Rule require a covered entity to “police” a health information organization (HIO), which functions as its business associate?
- How should a covered entity respond to any HIPAA Privacy Rule violation of a health information organization (HIO) acting as its business associate?
- What are some considerations in developing and implementing a business associate agreement with a health information organization (HIO)?
- Can a health information organization (HIO) participate as part of an affiliated covered entity?
- May a covered health care provider disclose electronic protected health information (PHI) through a health information organization (HIO) to another health care provider for treatment?
- May a HIPAA Notice of Privacy Practices (NPP) specifically mention that protected health information (PHI) will be disclosed to and through a health information organization (HIO)? May the NPP mention that the covered health care provider uses an electronic health record (EHR)?
- To what extent does the HIPAA Privacy Rule allow third parties to access protected health information (PHI) through a health information organization (HIO) for purposes other than treatment, payment, and health care operations?