Under the HIPAA Privacy Rule, the use or disclosure of protected health information (PHI) is permitted for treatment purposes. Electronic health information exchange – a method of data transmission allowing healthcare professionals and patients to access and secure PHI electronically – facilitates quality treatment, without running afoul of the HIPAA Privacy Rule or the HIPAA Security Rule.

What is Electronic Health Information Exchange?

Electronic health information exchange (HIE) is a method of secure electronic data transfer. The data that is transferred is ePHI, or electronic protected health information. ePHI of patients may, consistently with the HIPAA Security Rule and the HIPAA Privacy Rule, be shared among covered entities.

Do you have an effective HIPAA compliance program? Find out now by completing the HIPAA compliance checklist.

Electronic health information exchange (HIE) allows medical professionals and staff to securely share patients’ vital information electronically. This secure sharing improves the speed, quality, safety, and cost of patient care. 

Electronic health information exchange can:

  • Improve the completeness of patient records. Past history, current medications, and other information can be shared between patients and providers; between covered entities; and between covered entities and medical staff.
  • Better-informed decision making at the point of care, thereby allowing providers to:
    • Avoid readmissions, thereby saving costs.
    • Avoid prescribing errors, thereby improving the quality of care.
    • Improve the accuracy of diagnoses.
    • Decrease duplicate testing, thereby saving costs and reducing expenses.

Perhaps the chief benefit of electronic health information exchange is that it allows for standardization of data. Standardization allows the data that is transferred to seamlessly integrate into a recipient’s Electronic Health Record (EHR), further improving patient care.

For example:

  • If laboratory results are received electronically and incorporated into a provider’s EHR, a list of patients with diabetes can be generated. The provider can then determine which of these patients have uncontrolled blood sugar and schedule necessary follow-up appointments.

There are currently three key forms of health information exchange:

  • Directed Exchange: ability to send and receive secure information electronically between care providers to support coordinated care
  • Query-based Exchange: ability for providers to find and/or request information on a patient from other providers, often used for unplanned care
  • Consumer Mediated Exchange: ability for patients to aggregate and control the use of their health information among providers

The foundation of standards, policies and technology required to initiate all three forms of health information exchange are complete, tested, and available today. 

Are you using HIPAA compliant tools?

Make sure you’re following all of the HIPAA rules.