Section # |
Name of Federal Regulation |
Comment on Federal Regulation |
Statutory Background
160.101 |
Statutory basis and purpose |
The Mass. Health Data Consortium strongly supports the intent of administrative simplification and the need for timely promulgation of these final privacy regulations.
We believe that the federal regulations should set the parameters and severe penalties for misuse of protected health information while the public and private sector agree on how to operationalize the regulations.
The following comments are related to our mission to collect, validate and disseminate comparative health data as a private, non-profit, health data organization since 1978.
In addition to input from our member organizations, especially the Mass. Division of Health Care Finance and Policy. The Consortium is also indebted to the American Hospital Association, Association of American Medical Colleges, and the National Association of Health Data Organizations for the opportunity to review their comments on these final regulations. |
Definitions 160.103 |
Definitions "Business Associate" |
Add state and comparative health data organizations to the list of examples.
Note: In 22 years there has never been any direct or indirect release of data identifying a patient, and the Consortium has never been accused of a breach while handling millions of sensitive records.
Private, non-profit, health data organizations, such as the Massachusetts Health Data Consortium, have a long history of collecting, validating and disseminating health data for the same functions of governmental health systems (i.e. in support of policy, planning, regulatory &/or management functions). |
Definitions
164.501 |
Definitions "Health Oversight Agency" |
This definition should cover state government agencies such as the Mass. Division of Health Care Finance & Policy whose mission is to improve the delivery and financing of health care and to support the state's health care reform efforts. This agency provides information about the efficiency and effectiveness of the state's health system, which is necessary for public accountability and for making informed decisions. |
Definitions 164.501 |
Definitions "Public Health Authority" |
This definition should cover state government agencies such as the Mass. Division of Health Care Finance & Policy whose mission is to improve the delivery and financing of health care and to support the state's health care reform efforts. This agency provides information about the efficiency and effectiveness of the state's health system, which is necessary for public accountability and for making informed decisions. |
Consent for Uses and Disclosures to carry out Treatment, Payment, or Health Care Operations
164.506(a) |
Standard: Consent requirement |
Our members preferred the original provisions in the proposed rule, which were changed in the final rule.
We urge that providers would not have to obtain the individual's consent prior to using or disclosing protected health information to carry out treatment, payment or health care operations. |
Uses and Disclosures for which consent, an authorization, or opportunity to agree or object is not required 64.512 |
Reinstate a section: "Disclosures and uses for governmental health data systems |
We disagree with the elimination of government health systems from the final regulations and believe that the following section should be reinstated into the final rule:
Disclosures and uses for governmental health data systems. Permitted disclosures. A covered entity may disclose protected health information to a government agency, or private entity acting on behalf of a government agency, for inclusion in a governmental health data system that collects health data for analysis in support of policy, planning, regulatory, or management functions authorized by law.
Permitted uses. Where a covered entity is itself a government agency that collects health data for analysis in support of policy, planning, regulatory, or management functions, the covered entity may use protected health information in all cases in which it is permitted to disclose such information for government health data systems. |
Other requirements relating to uses and disclosures of Protected Health Information
164.514 (b) (2) (i) |
Standard: use or disclosure of de-identified protected health information |
We recommend replacing the word "REMOVED".
We recommend that the section read: "The following identifiers have not been placed together in a manner that would form a reasonable basis for the anticipated recipient of such information to use the information to identify an individual."
The intent of this recommendation is that the list of nineteen (19) elements should be for reference purposes only - to guide the covered entities in their disclosure practices. |
164.514 (b) (2) (i) |
Standard: use or disclosure of de-identified protected health information |
Our health data organization has used and disclosed zip code level data for 22 years for small geographic area variation studies, market share analyses, patient migration studies, calculations of the Herfendahl index (a Federal Trade Commission measure to test market concentrations), and to determine whether the rates of services to communities show under or over-utilization.
Other prominent research, such as the Dartmouth Atlas on Health Care, would also be affected by removal of zip codes. |
