|
MEPS
Medical Expenditure Panel Survey
Medical Care
Provider Participants’ Corner
Confidentiality/HIPAA
Confidentiality of MEPS Data
All information for MEPS is collected with assurances of
confidentiality. Under the survey’s authorizing legislation,
unauthorized disclosure of survey data is subject to substantial fines.
The authorizing legislation stipulates that the collected data are to be
used for research purposes only.
Section 913(a) of the Public Health Service Act (as amended in the
Healthcare Research and Quality Act of 1999) mandates the data
collection activity carried out as MEPS. The confidentiality of MEPS
data is addressed in Section 924 (c) of the Act:
No information, if an establishment or person supplying the
information or described in it is identifiable, obtained in the
course of activities undertaken or supported under this title may be
used for any purpose other than the purpose for which it was
supplied unless such establishment or person has consented (as
determined under regulations of the Director) to its use for such
other purpose. Such information may not be published or released in
other form if the person who supplied the information or who is
described in it is identifiable unless such person has consented (as
determined under regulations of the Director) to its publication or
release in other form.
HIPAA Compliance
The Privacy Rule of The Health Insurance Portability and
Accountability Act of 1996 establishes rules to protect individuals’
personal health information from inappropriate disclosure. The Act
specifies circumstances under which health care providers (referred to
as "covered entities" in the regulations) can release information
that identifies patients and the care provided to them. Providers now
routinely notify patients of their privacy practices and have their
patients provide a written acknowledgement of their consent.
Although the Act specifies circumstances under which a covered entity
may release personal health information (PHI) without the consent
of the
patient, MEPS contacts medical providers and pharmacies only for
patients who have specifically consented to the release of their
personal information. This consent is documented through the patient’s
signature on the
MEPS authorization form, a copy of which is provided
to each medical provider contacted for the study.
The
MEPS authorization form was redesigned in 2002 to meet the
HIPAA requirements for authorization
forms described in Section 164.508(c) 45 CFR 164. The revised form was
reviewed and deemed HIPAA compliant by the Westat IRB.
Beyond HIPAA
HIPAA’s protections do not extend to cover personal health
information after a covered entity has released it to a third party. All
information collected in MEPS, however, is covered by the
confidentiality requirements provided by the legislation under which the
study is conducted. This law requires that all identifying data
collected for the study – whether from the individual household
respondents or from their medical providers – be treated as
confidential. As with HIPAA, this law imposes penalties for unauthorized
disclosure of protected information. By cooperating with the request for
voluntary release of the medical records, your entity becomes a MEPS
participant covered by AHRQ’s confidentiality statutes. Data that would
identify you may not be disclosed without your consent.
|
Back
Email Updates
