AHIC Review Course 1: Current Landscape of Health IT – Data Sharing Legislation

Ten Q&A flashcards covering key concepts, laws, and definitions related to data sharing in health IT (HIE, HIPAA, HITECH, and the 21st Century Cures Act).

What is Health Information Exchange (HIE) when used as a verb?

The action of sharing health-related data between two or more organizations, enabled by data standards.

What is Health Information Exchange (HIE) when used as a noun?

An organization that provides health information technology to promote secure data sharing, operating at state, regional, or national levels.

What three actions does an HIE perform to support clinical data exchange?

Move data electronically between systems, preserve the meaning of the information, and facilitate access to and retrieval of clinical data.

What is the data sharing trend and security concern described in the notes?

A move toward greater transparency and data access, balanced by concerns about privacy and security to ensure the right data reach the right person at the right time and place.

How do HIPAA's Privacy Rule and Security Rule differ?

The Privacy Rule is patient-focused and protects all PHI; the Security Rule is entity-focused and protects electronic PHI.

Who is the ONC and what is its mandate?

The Office of the National Coordinator for Health Information Technology; established in 2004 and mandated by the HITECH Act (2009) to advance connectivity and interoperability of health IT.

What is the Breach Notification Rule and its timeline?

Under HITECH, covered entities must notify affected individuals within 60 days of discovering a breach of unsecured PHI.

How did the HITECH Act change HIPAA regarding Business Associates?

Expanded HIPAA to include Business Associates, requiring BA agreements, requiring breach notification, and making BAs liable for civil and criminal penalties.

What are four notable features of the 21st Century Cures Act related to data sharing?

1) NIH data sharing mandate, 2) All of Us national cohort, 3) global data sharing via pediatric networks, 4) stronger patient access to information.

What are the information blocking provisions and their exceptions under the Cures Act rule?

Information blocking is prohibited; exceptions include harm prevention, privacy, security, infeasibility to exchange, temporary unavailability to improve performance; and fees/licensing exceptions, all with conditions.