Health Information Exchange Policy Project

The core functions of this organization are carried out in line with the HITECH and HIPAA acts in relation to sharing, disclosure and use of patient’s health data. Therefore, this paper entails the preparation of HIEO policy with clear guidance to all contributors in the HIEO on the use of patient consent. HIPAA’s authorization and consent management requirements The HIPAA privacy rule has well documented standards for information disclosure that include requirements and what constitutes a valid authorization (Hosek & Straus, 2010). Requirements for authorization under HIPAA standards are: • The general authorization content must be in plain language and contain specific description of information, name and details of persons authorized, description of each purpose of disclosure, and dates of purpose for disclosure.

• HIPAA requires valid authorization by or from an individual before use of information for marketing purposes. The HIPAA requires that in the case of HIV-related information, the data should not be disclosed without authorization. Disclosures in this situation are made under the following consideration. • The disclosure is made to patient’s kin or representative • State or federal officer, and when it is authorized by the federal law • Disclosed to health care provider if knowledge of HIV information is necessary for treatment • Health insurers, government payments, and affiliates • Health care providers who have been designated to specifically receive important information about the patient • If a person has been allowed through a court order to access such information Definition of required elements for both authorization and consent for health information exchange purposes, including the differences between the two.

Under the HIPAA privacy policy, it defines and differentiates the concepts of authorization and consent especially when referring to health information exchange purposes. The concept of authorization as provided by HIPAA is a detailed document that provides permission to the covered entities to obtain and use the protected health information for stated and lawful purposes. This makes healthcare providers have moral and ethical requirements to safeguard the information against being accessed by unauthorized people. Reasons for protecting individual health personal information are many. It improves trust between patient and physicians and ensures sensitive information would not fall into the hands of irresponsible people (Ozair, 2015). The ethical concerns and considerations for information health by HIE include issues related to use of information, nature of information collected, as well as the implications of the information requested.

The consent of the patients is also ultimate especially considering that the law requires patient’s consent of disclosure and reasons for such disclosure. Through the acts, there are mandatory penalties for the users who intentionally neglect the adherence to them thus breaching the security of healthcare information for patients, (Al-Fedaghi, 2010). References Al-Fedaghi, S. Scrutinizing the rule: Privacy realization in HIPAA. Developments in Healthcare Information Systems and Technologies: Models and Methods: Models and Methods, 112. Cushman, R. Hi-tech HIPPAA Amendments: New Rules on Breach Notification, Business Associate Compliance, and Enforcement. Health Law. Davis, R. C. , Davis, R. , & Straus, S. G. Patient Privacy, Consent, and Identity Management in Health Information Exchange: Issues for the Military Health System.  Rand health quarterly, 3(2). Ozair, F.  New York, NY: Jones & Bartlett Learning LLC.