79%(24)19 out of 24 people found this document helpful
This preview shows page 124 - 128 out of 188 pages.
±²±CHAPTER EIGHTOHCAs and Collaborative Quality-Improvement Projects: Practical and Ethical IssuesKevin LawlorAn organized health-care arrangement (OHCA) is a mechanism under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule1that allows covered entities2to share protected health information3for purposes such as collaborative quality-improvement (QI) projects. They are allowed to share this information based on their relationship with other covered entities, not on the relationship of a covered entity with an individual. The purpose of OHCAs is to provide covered entities with the means to share protected health information to improve the overall processes of health-care delivery. However, in providing this flexibility, OHCAs may allow covered entities to use the information in ways that, while legally proper and vital for the improvement of the health-care delivery system, cannot be meaningfully understood by individuals, especially as the system grows more complex and interconnected. Ironically, while the Privacy Rule generally increases the protection of medical information, OHCAs may lead to an erosion of individuals’ privacy expectations by allowing medical infor-mation to be used and disclosed more broadly than it has been in the past.This chapter reviews OHCAs, how they fit within the overall framework of the Privacy Rule, and their practical and ethical issues. Its intent is to provide background material and raise issues for a broader discussion of the ethics of QI.Options Under the Privacy Rule for Collaborative QI Projects The Privacy Rule provides five options for sharing protected health information among covered entities for collaborative QI projects:4authorization, affiliated covered entities, common rela-tionships, limited datasets, and OHCAs.AuthorizationAn authorization is specific written permission from an individual to use or disclose his or her information for a particular purpose and to a particular entity.5The requirements for an authorization to be valid are detailed, making HIPAA-compliant authorization forms com-plex. Additionally, the operational burden of distributing and collecting authorization forms makes them generally infeasible for sharing large datasets for QI projects that involve retro-spective record review.
±²² Health Care Quality Improvement: Ethical and Regulatory IssuesAffiliated Covered EntitiesAn affiliated covered entity consists of two distinct legal entities under common ownership or control that have chosen to designate themselves as a single covered entity.6However, as a single covered entity, the component entities may only “use or disclose the protected health information of individuals who receive the [affiliated] covered entity’s health plan or health care provider services, but not both, only for purposes related to the appropriate function being performed.”7This means that an affiliated covered entity must determine whether there is a