One-to-one exchange from one provider to another for treatment purposes--even with no facilitator--must be governed by policies that at least include encryption, limits on identifiable or potentially identifiable information in the message, and identification and authorization of those exchanging the data, according to the privacy and security workgroup recommendations.
Encryption ideally should be required when there is potential for transmitted data to be exposed. The workgroup recommends an encryption mandate through meaningful use/certification criteria or modification of the HIPAA security rule.
"If strong policies such as the above are in place and enforced, we don't think the above scenario needs any additional individual consent beyond what is already required by current law," according to the recommendations.
For more information, click here.
--Joseph Goedert



















Be the first to comment on this post using the section below.