HIPAA Compliance at Gotham associate ACO Groups
How does HIPAA affect ACO?
The centers for Medicare and Medicaid services (CMS) has proposed that ACOs enter into data use agreements which is an agreement established under HIPAA between a covered entity and the intended recipient of a “limited data set,” and is a term used under HIPAA to describe a limited amount of Protected Health Information (PHI). In a more elaborate definition, a data use agreement defines the ways in which the recipient may use the data and how it must be protected which in any situation, data use agreement would prevent the sharing of claims data outside of the ACO and furthermore prohibit any use of claims data that would violate HIPAA. The center for Medicare and Medicaid services has also proposed that each Medicare beneficiary receive notice at the point of care that the provider is part of an ACO and the notice would include the right to opt out of disclosures of Protected Health Information (PHI). ACOs on the other hand will also be required to provide a form to confirm that the beneficiary has received notice of potential uses and disclosures of their claims data and a simple process for opting out of information sharing such as a phone number or email address (Bourque, 2011)