May a health care provider disclose protected health information to a health plan for the plans Health Plan Employer Data and Information Set (HEDIS)?
Yes, the HIPAA Privacy Rule permits a provider to disclose protected health information to a health plan for the quality-related health care operations of the health plan, provided that the health plan has or had a relationship with the individual who is the subject of the information, and the protected health information requested pertains to the relationship. See 45 CFR 164.506(c)(4). Thus, a provider may disclose protected health information to a health plan for the plan’s Health Plan Employer Data and Information Set (HEDIS) purposes, so long as the period for which information is needed overlaps with the period for which the individual is or was enrolled in the health plan.
Related Questions
- May a health care provider disclose protected health information to a health plan for the plan’s Health Plan Employer Data and Information Set (HEDIS)?
- How would a provider, health plan, or health care clearinghouse obtain the EIN of an employer for use in electronic health care transactions?
- Can National Jewish Health disclose my protected health information (PHI) without my permission?
