Background: Siloed Data Hinders Advancement in Health Care
In today’s system, there is a high demand for patient access to their own health information. However, health data is spread across many different silos and systems, making it difficult to access for patients and handcuffing enormous opportunity for use of health data for societal and public health purposes.
- Healthcare clearinghouses provide efficiency in the healthcare system by seamlessly processing and transmitting data from healthcare providers to payers so that claims can be filed and payments made.
- Each year clearinghouses process hundreds of millions of transactions safely and securely from more than 5,000 hospitals, 900,000 doctors, 66,000 pharmacies and 20,000 labs in the U.S. The records processed by clearinghouses provide information about the provider, the diagnosis, and the treatment for each episode of care. Clearinghouses have the capability to link this data and build longitudinal records, while also ensuring it is protected and secure.
- Because of clearinghouses’ unique position working across a huge number of providers and payers, they are ideally situated to help facilitate aggregation of health data information and sharing of this data between key stakeholders in the healthcare industry, as well as providing patient access to their own health records.
- However, federal law currently limits how clearinghouses can share this data in a way that impedes innovation, research and patient access.
The Problem: Regulatory Barriers Impedes Innovation, Research, and Patient Access.
The Health Insurance Portability and Accountability Act was passed by Congress in 1996 to help establish the confidentiality and security of healthcare information, including its transmission, and to help the healthcare industry control administrative costs. The HIPAA Privacy Rule, which implemented much of the law’s provisions, applies to “covered entities” which are health plans, health care clearinghouses, and certain health care providers. It also allows providers and plans to disclose protected health information (PHI) to “business associates” that provide services to covered entities or perform certain functions on their behalf.
- Clearinghouses are defined as a category of covered entities under HIPAA and also as a business associate when engaging in certain activities, such as claims processing.
- Despite their status as covered entities, the HIPAA regulations treat clearinghouses as business associates and as such are required to execute business associate data use agreements with plans and providers. Business associates may only use and disclose PHI as permitted by their “Business Associate Agreements” or as required by law.
- This regulatory approach has unnecessarily blocked innovation, research and the creation of efficiencies in the healthcare sector because such agreements generally limit the use of PHI to claims processing. As a result, clearinghouses are unable to analyze claims data across multiple providers and insurance companies that could bring considerable societal and consumer benefits.
The Solution: Legislation to Unlock Clearinghouse Data
Our goal is to work on supporting legislation to clarify that regardless of whether it originally collected Protected Health Information (PHI) in its role as a business associate, a healthcare clearinghouse is permitted to use and disclose PHI in the same manner as other covered entities under the HIPAA Privacy Rule.
- Such legislation should permit clearinghouses to provide patients with their own health data and prepare analyses and reports with the goal of improving healthcare using already existing definitions for research and operations under HIPAA.
We strongly believe in retaining HIPAA’s privacy protections.
Clearinghouses are currently and should still be liable and subject to civil and criminal penalties under HIPAA like other covered entities.