In the promotion and protection of patient’s rights to privacy, each Medicare beneficiary having claims data utilized by Integrated ACO will be accorded appropriate confidentiality, privacy and security. Participating physicians of the ACO can be confident that patient data will be treated with utmost regard in accordance with our privacy and security policies and procedures, which reflect HIPAA requirements. No employee of Integrated ACO has a right to any patient information other than that necessary to perform his or her job.
Integrated ACO ensures that only authorized individuals have access to the information. Even within our group, only appropriate personnel necessary to accomplish the work have access. We ensure that the actual transmission process is secure. If mental health and/or substance abuse issues are addressed, the very strict additional levels of confidentiality that apply to these matters are respected. Additionally, both the consulting physician and the requesting physician must have set protocols to cover confidentiality about their medical activities.
Integrated ACO employees have all had documented HIPAA training and understand that health information will only be used to perform their job in data analysis, predictive modeling, or care coordination on behalf of the ACO. Protected health information will not be disclosed to anyone outside of the employment of the ACO, unless it is a treating physician to the patient who participates in the ACO.
What should, therefore, be borne in mind is the gravity of those issues – that under both HIPAA and state law there is a significant potential liability for failing to safeguard protected health information and to maintain safe transmission systems. This applies to both the referring physician and the consultants. The actual sharing of the confidential medical information in various settings is covered under the TPO (treatment, payment, operations) exception in HIPAA and so the patient does not have to authorize it explicitly.
Clinical information (including individually identifiable patient information), company data, TIN, and physician quality data are not saved locally on laptop devices that can be subject to breach. Instead, all information under the stewardship of Integrated ACO will be stored on a secure company site with a two stage password system. As a custodian of Protected Health Information for its attributed Medicare beneficiaries, Integrated ACO takes its role seriously and has undergone the necessary training and due diligence to ensure that all patient data is appropriately safeguarded.
If you have any questions, please contact our Executive Director, Patricia Grimes.