Pharmacy Participants’ Corner
Confidentiality/HIPAA
Confidentiality of MEPS Data
All information for MEPS is collected with assurances of
confidentiality. Under the survey’s authorizing legislation,
unauthorized disclosure of survey data is subject to substantial fines.
The authorizing legislation stipulates that the collected data are to be
used for research purposes only.
Section 913(a) of the Public Health Service Act (as amended in the
Healthcare Research and Quality Act of 1999) mandates the data
collection activity carried out as MEPS. The confidentiality of MEPS
data is addressed in Section 924 (c) of the Act:
No information, if an establishment or person supplying the
information or described in it is identifiable, obtained in the
course of activities undertaken or supported under this title may be
used for any purpose other than the purpose for which it was
supplied unless such establishment or person has consented (as
determined under regulations of the Director) to its use for such
other purpose. Such information may not be published or released in
other form if the person who supplied the information or who is
described in it is identifiable unless such person has consented (as
determined under regulations of the Director) to its publication or
release in other form.
HIPAA Compliance
The Privacy Rule of The Health Insurance Portability and Accountability
Act of 1996 establishes rules to protect individuals’ personal health
information from inappropriate disclosure. The Act specifies
circumstances under which health care providers (referred to as "covered
entities" in the regulations) can release information that identifies
patients and the care provided to them. Providers now routinely notify
patients of their privacy practices and have their patients provide a
written acknowledgement of their consent.
Although the Act specifies circumstances under which a covered entity
may release personal health information (PHI) without the consent of the
patient, MEPS contacts medical providers and pharmacies only for
patients who have specifically consented to the release of their
personal information. This consent is documented through the patient’s
signature on the
MEPS authorization form (PDF 202 KB, or
HTM 6 KB),
a copy of which is provided to each medical provider contacted for the
study.
The
MEPS authorization form (PDF 202 KB, or
HTM 6 KB)
was redesigned in 2002 to meet the HIPAA requirements
for authorization forms described in Section 164.508(c) 45 CFR 164. The revised
form was reviewed and deemed HIPAA compliant by the Westat IRB.
Beyond HIPAA
HIPAA’s protections do not extend to cover personal health information
after a covered entity has released it to a third party. All information
collected in MEPS, however, is covered by the confidentiality
requirements provided by the legislation under which the study is
conducted. This law requires that all identifying data collected for the
study – whether from the individual household respondents or from their
medical providers – be treated as confidential. As with HIPAA, this law
imposes penalties for unauthorized disclosure of protected information.
By cooperating with the request for voluntary release of the medical
records, your entity becomes a MEPS participant covered by AHRQ’s
confidentiality statutes. Data that would identify you may not be
disclosed without your consent.
|
Back
Email Updates
