Health Information Technology
- Is a health information organization (HIO) covered by the HIPAA Privacy Rule?
- May a health information organization (HIO), acting as a business associate of a HIPAA covered entity, de-identify information and then use it for its own purposes?
- Does the HIPAA Privacy Rule permit health care providers to use e-mail to discuss health issues and treatment with their patients?
- Does the HIPAA Privacy Rule inhibit electronic health information exchange across different states or jurisdictions?
- Can a health information organization (HIO), as a business associate, exchange protected health information (PHI) with another HIO acting as a business associate?
- May covered entities that operate in electronic environments provide individuals with their HIPAA Notice of Privacy Practices (NPP) electronically?
- Can a health information organization (HIO) operate as a business associate of multiple covered entities participating in a networked environment?
- How do HIPAA authorizations apply to an electronic health information exchange environment?
- Can a health information organization (HIO) participate as part of an organized health care arrangement (OHCA)?
- What may a HIPAA covered entity’s business associate agreement authorize a health information organization (HIO) to do with electronic protected health information (PHI) it maintains or has access to in the network?
- How may judgments be made electronically about denial of access under the HIPAA Privacy Rule?
- Who is liable under the HIPAA Privacy Rule where multiple covered entities have signed on to a single business associate agreement and one member breaches the agreement?
- Are health information organizations (HIOs) required to have a HIPAA Notice of Privacy Practices (NPP)?
- Who is responsible for amendment of protected health information in an electronic health information exchange environment?
- Can a covered entity use existing aspects of the HIPAA Privacy Rule to give individuals the right to Opt-In or Opt-Out of electronic health information exchange?
- What are a covered entity’s responsibilities to notify others in a network if an amendment to protected health information is made?
- How may the HIPAA Privacy Rule’s requirements for verification of identity and authority be met in an electronic health information exchange environment?
- Does the HIPAA Privacy Rule permit a covered health care provider to e-mail or otherwise electronically exchange protected health information (PHI) with another provider for treatment purposes?
- How would a covered entity or health information organization (HIO), acting on its behalf, know if someone were a personal representative for the purpose of granting access under the HIPAA Privacy Rule?
- Does the HIPAA Privacy Rule permit a covered entity to disclose psychotherapy notes to or through a health information organization (HIO)?