August, 2019
Patients are seeking to interface the data you collect about them in your practice with their mobile health tracking device – a Fitbit, Apple Watch, or the like. If your practice is fielding these patient requests, you may be questioning your liability related to this information transfer. On April 18, 2019, the Office of the Inspector General released a statement with instructions regarding the liability, while recommending guidance be issued to the patient.
"Under the individual right of access, an individual may request a covered entity to direct their ePHI (electronic protected health information) to a third-party app. In such a circumstance, the covered entity would not be responsible for unauthorized access to the individual’s ePHI while in transmission to the app. With respect to such apps, the covered entity may want to consider informing the individual of the potential risks involved the first time that the individual makes the request." 1
If you consider such a request outlandish, recognize that the Office of the National Coordinator for Healthcare Information Technology (ONC) issued a proposed rule that makes your practice's participation a requirement. In the press release, the ONC states, “The proposed rule helps ensure that patients can electronically access their electronic health information at no cost.” This is one of many components of fulfilling the interoperability requirement of the 21st Century Cures Act.
The final rule has not yet been issued. In the interim, the ONC has launched a pilot program called "Data at the Point of Care" (DPC) as part of the federal government’s MyHealthEData initiative. The final rule is expected to be released by the end of 2019.
For more information, see the CMS fact sheet here.
1 https://www.hhs.gov/hipaa/for-professionals/faq/3010/what-liability-does-a-covered-entity-face.html
Elizabeth Woodcock is the founder and principal of Woodcock & Associates. She has focused on medical practice operations and revenue cycle management for more than 25 years. She has led educational sessions for a multitude of national professional associations and specialty societies, and consulted for clients as diverse as a solo orthopaedic surgeon in rural Georgia to the Mayo Clinic. She is author or co-author of 17 best-selling practice management books, to include Mastering Patient Flow and The Physician Billing Process: Avoiding Potholes in the Road to Getting Paid. Elizabeth is a Fellow in the American College of Medical Practice Executives and a Certified Professional Coder. In addition to a Bachelor of Arts from Duke University, she completed a Master of Business Administration in healthcare management from The Wharton School of Business of the University of Pennsylvania. She is currently a doctoral student at the Bloomberg School of Public Health of Johns Hopkins University.
Our team is here to answer any questions you might have or to help you fill out a quote application.