The last time I went to the doctor I was asked to sign a consent form for something called Mass HIway. How do state...
health information exchange programs like Mass HIway comply with HIPAA? Are there security risks I should be aware of when using these sites?
The Massachusetts Health Information Highway (Mass HIway) is an example of a healthcare clearinghouse. These organizations exist throughout the United States and are designed to facilitate the sharing of information between healthcare providers including doctors, hospitals, clinics and insurance companies. The goal is to improve the flow of information so that, for example, if a patient is brought into an emergency room unconscious, the treating physicians can call up the records of his most recent doctor's office visit.
You were asked to sign a consent form because both the doctor's office you visited and Mass HIway are required to comply with the security and privacy provisions of HIPAA. HIPAA applies to three different types of covered entities: healthcare providers -- which includes your doctor -- health insurance plans and health information clearinghouses -- such as Mass HIway.
The Mass HIway program does not provide information to patients directly. It's exclusively for the use of healthcare professionals. There's not much anyone needs to do personally to keep their information secure -- that's the responsibility of the healthcare clearinghouse and providers. The only real decision for the patient is whether he'd like to participate. Keep in mind, however, that doctors may require participation in the healthcare clearinghouse. Patients certainly have the right to revoke their consent, but the physician's office may then choose to drop them and they will lose the benefit of having medical records available to all treating providers.
Ask the Expert:
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today. (All questions are anonymous.)
Find out what types of companies count as HIPAA business associates
Learn more about the rights of medical identity theft victims under HIPAA
Discover if security gap analysis is important for HIPAA compliance
Dig Deeper on HIPAA
Related Q&A from Mike Chapple
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ...continue reading
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ...continue reading
HIPAA regulations incorporate NIST guidelines and standards, so do healthcare organizations need to be compliant with both? Expert Mike Chapple ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.