7. Consent Management (BPPC - Phase II)
From OpenEMR Project Wiki
MeaningFul Use Requirments (Interime Final Rule):
Record disclosures made for treatment, payment, and health care operations with date, time, patient identification (name or number), user identification (name or number), and a description of the disclosure.
HIPAA Disclosures for TPO(Treatment, Payment, Health Care Operations)
Under HIPAA privacy rule a covered entity may use and disclose protected health information or PHI for treatment, payment, and health care operations activities.
- For treatment PHI to be shared without restriction.
- The provision, coordination, or management of health care and related services among health care providers or by a health care provider with a third party.
- Consultation between health care providers regarding a patient.
- The referral of a patient from one health care provider to another.
- For payment, a covered entity must obtain authorization to disclose PHI.
- The various activities of health care providers to obtain payment or be reimbursed for their services and of a health plan to obtain premiums.
- Common payment activities which includes: Determining eligibility or coverage under a plan, billing and collection activities etc.,
“Health Care Operations” means
- For health care operations, a covered entity must obtain authorization to disclose PHI.
- Certain administrative, financial, legal and quality improvement activities of a covered entity that are necessary to run its business and to support the core functions of treatment and payment.
Implementation Details for Recording Disclosures
The following informations that need to be recorded during the disclosures exchange:
1. Date, time
2. Patient identification
3. User identification
4. Recipient of the disclosure
5. Type of medical information released [Treatment/payment/healthcare/others]
6. Description of the disclosure
7. forms: id
8. forms: date
9. forms: encounter
10. forms: form_name
11. forms: form_id
As per the Sam Bowen's suggestion disclosures of patient's medical information to third parties need to be logged and logging should contain all the above informations.
In OpenEMR we have an option to add Insurance Company, X12 partners , refferal details, options to generate the CMS 1500 and X12 format. But there is no options which tiggers the disclosures of patient's medical information to third parties. To be more simple :- From which event the disclosure logging should be made ?
SourceForge Discussion Link