205595 State Regulations in Health Information Disclosure: Examining the Interoperability of Health Information Exchange Across States

Monday, November 9, 2009

Mendbayar Nyamsuren, MD, MHA , College of Public Health, Oklahoma University, Oklahoma City, OK
Ann F. Chou, PhD, MPH , College of Public Health & College of Medicine, University of Oklahoma, Oklahoma City, OK
Robert C. Wild, MS , University of Oklahoma, Oklahoma City, OK
Katrina Claiborne Garcia, BS, MPH , Health Administration and Policy, University of Oklahoma Health Sciences Center, Oklahoma City, OK
Ann Idell Kruckeberg, BS, MPH , Health Administration and Policy Department, University of Oklahoma Health Sciences Center, Oklahoma City, OK
Steven Mattachione, JD , University of Oklahoma, Oklahoma City, OK
Background: There are distinctions in privacy requirements for disclosure of protected health information (PHI) set by both federal and state laws. The lack of consistent legislation at the state level has resulted in variations with respect to how and when PHI may be disclosed. A common set of policies is a critical component to achieve the goal of interoperable electronic health information exchange (HIE).

Objective: To investigate state laws and regulations that are related to PHI disclosure by the source, holder, and type of PHI data.

Methods: Data were provided by 11 states that participated in a Multi-State Consent Collaborative Project. Information pertaining to state laws and regulations related to the disclosure of an adult person's PHI for emergency and non-emergency treatment was analyzed via both quantitative (descriptive statistics) and qualitative analyses (network analysis).

Results: Findings showed that all states regulate disclosures of PHI by the data holder, mainly by facility and provider type. Wisconsin regulates disclosures through all three types facility, records, and provider; whereas Oklahoma and Utah regulate only by the type of records (e.g., communicable disease and controlled private records). Except for Oklahoma, Utah, Rhode Island, all other states regulate disclosures of PHI by the facility, the data were created by. Other than Utah, all states regulate PHI disclosures by data type. Almost all states have limitations on the disclosure of PHI related to mental health and HIV/AIDS.

Conclusion: There are differences in how state laws and regulations treat disclosures of PHI. In order to have efficient interoperable health information exchange, these discrepancies should be resolved. Concurrently, consistent state laws and regulations related to electronic HIE should not put the confidentiality of patient information at stake.

Learning Objectives:
To assess state laws and regulations that are related to health information disclosure by the source, holder, and type.

Keywords: Health Information, Privacy

Presenting author's disclosure statement:

Qualified on the content I am responsible for because: I have experience in conducting health information research
Any relevant financial relationships? No

I agree to comply with the American Public Health Association Conflict of Interest and Commercial Support Guidelines, and to disclose to the participants any off-label or experimental uses of a commercial product or service discussed in my presentation.