State by State HIE Opt-in regulations

Health Information Exchange

Opt-In Policies by State

The wait is over and finally the medical practices we provide support for are being asked to join their affiliated hospital’s HIE. A document provided on Healthit.gov features a very helpful interactive map which classifies each US State and their HIE “Opt-In” -vs- “Opt-Out” Privacy Policies these states require. Because some of the patients in the care of your Medical Practice may officially reside in a different state, the practice has an obligation to identify these patients and adopt separate policies for “Opt-In” to the HIE based on their home state’s particular regulations. Since many elderly patients have dual residences and prefer to make Florida their official residence due to the lack of State Income Tax, Medical Practices need to be keenly sensitive to the Florida HIE Policy which pertains to Providers that are seeing a patient for the first time. You need to be aware of these State HIE Policies for your patients that officially reside in another state.

In this Healthinfolaw.org PDF as with the Healthit.gov link above, individual State HIE Policies are identified and explained for that state's HIE. Note: since the State of Georgia lacks specific HIE Policies at this time, HIPAA Privacy Rules ( CFR 164.506 ) apply. The Privacy Rule defers to covered entities with regard to the decision of whether to obtain an individual’s consent in order to use or disclose PHI for treatment, payment, and health care operations purposes, and with regard to the content of the consent and the manner of obtaining it. 45 C.F.R. § 164.506(b). The decision is left to your “professional discretion”.

*SolDyn, as your trusted advisor, will keep your practice advised of all HIPAA related issues and protect your Medical Practice from possible exposure to ligation or sanction from the HHS Office of Civil Rights (OCR) for violating such policies.

QUESTION: Does the HIPAA Privacy Rule inhibit electronic health information exchange across different states or jurisdictions?

ANSWER: No. The Privacy Rule establishes a federal baseline of privacy protections and rights, which applies to covered entities consistently across state borders. The Privacy Rule, however, as required by HIPAA, does not preempt State laws that provide greater privacy protections and rights. Thus, as with covered entities that conduct business today on paper in a multi-jurisdictional environment, covered entities participating in electronic health information exchange need to be cognizant of States with more stringent privacy laws that will affect the exchange of electronic health information across State lines. In addition, other Federal laws also may apply more stringent or different requirements to such exchanges depending on the circumstances. Covered entities and health information

HHS OCR