7. Consent Management
From OpenEMR Project Wiki
MeaningFul Use Requirments
Record disclosures made for treatment, payment, and health care operations with date, time, patient identification (name or number), user identification (name or number), and a description of the disclosure.
HIPAA Disclosures for TPO (Treatment, Payment, Health Care Operations)
Under HIPAA privacy rule a covered entity may use and disclose protected health information or PHI for treatment, payment, and health care operations activities.
- For treatment PHI to be shared without restriction.
- The provision, coordination, or management of health care and related services among health care providers or by a health care provider with a third party.
- Consultation between health care providers regarding a patient.
- The referral of a patient from one health care provider to another.
- For payment, a covered entity must obtain authorization to disclose PHI.
- The various activities of health care providers to obtain payment or be reimbursed for their services and of a health plan to obtain premiums.
- Common payment activities which includes: Determining eligibility or coverage under a plan, billing and collection activities etc.,
“Health Care Operations” means
- For health care operations, a covered entity must obtain authorization to disclose PHI.
- Certain administrative, financial, legal and quality improvement activities of a covered entity that are necessary to run its business and to support the core functions of treatment and payment.
The following informations that need to be logged during the disclosures exchange are:
1. Date, time 2. Patient identification 3. User identification 4. Recipient of the disclosure 5. Type of the disclosure [Treatment, Payment & Healthcare Operations] 6. Description of the disclosure
Implementation Details for Recording Disclosures
The disclosure informations can be stored in the existing log table with the event type "Disclosures". Existing Audit Trail log can be used to view the patient disclosure log. The items (4) & (6) can be stored in the existing "Comments" column in our audit log. The type of the disclosure can be appended with the event type.
Ex: Disclosures-Treatment, Disclosures-Payment & Disclosures-Healthcare
Since it is not possible to track automatically all the disclosures, we are planning to provide a new section "Record Disclosures" in Patient Demographics [Below "Notes" section]. This can be used by the physicians to enter the information about the third party disclosures they are making. The items mentioned (4), (5) & (6) can be obtained from that screen.
The disclosures that can be identified automatically from the OpenEMR GUI can be stored in the existing audit log. Examples....
1. Insurance claims Information 2. Exchange Clinical information 3. Summary for transition of care / referral 4. Patient Clinical summaries