← Back to context

Comment by FireBeyond

1 day ago

> Providers, entities: again, HIPAA only prevents this without your consent, and that's basically what privacy is.

Not even, it specifically allows providers who are actively caring for you to share, even without your consent. Straight from the horse's mouth:

"Does the HIPAA Privacy Rule permit doctors, nurses, and other health care providers to share patient health information for treatment purposes without the patient’s authorization? Answer: Yes. The Privacy Rule allows those doctors, nurses, hospitals, laboratory technicians, and other health care providers that are covered entities to use or disclose protected health information, such as X-rays, laboratory and pathology reports, diagnoses, and other medical information for treatment purposes without the patient’s authorization."

Source: https://www.hhs.gov/hipaa/for-professionals/faq/481/does-hip...

> I empathize that moving data between providers is not easy, but this is hardly due to HIPAA, which permits such, assuming patient consent.

It doesn't even really always require consent, but a provider relationship. Consent can grease the wheels though.

It's like you said, very little use of FHIR or still so so much HL7. And anyone who has dealt with those standards knows that just because EHR vendor A says they support them, and EHR vendor B does, doesn't mean data sharing will be smooth.

1 comment

FireBeyond

Reply
deathanatos  1 day ago

Yeah. (I didn't include that as it seemed like the person above was writing specifically about provider-provider sharing, and while I know provider-BA sharing is fine in the course & context of administering care, I was less sure about provider-provider. But I think there are plenty of examples of this in my own HC, such as when I go for a blood draw and I get 8 bills. But again: HIPAA really doesn't throw too many surprising curve balls here.)

And yeah, lots of HL7v2. (for readers: HL7v2 is a protocol for medical data sharing. Predates FHIR, and is muuuuch uglier. FHIR is JSON/HTTP, albeit complicated, because medical. HL7v2 is custom binary (or I think there's an XML variant that I pray I never run into?). Not to be confused with the organization HL7.

HL7v2 is also the reason for a lot of having to deal with IPSec tunnels, something else I could stand to never see again.)

> And anyone who has dealt with those standards knows that just because EHR vendor A says they support them, and EHR vendor B does, doesn't mean data sharing will be smooth.

Yep. Some unintentional (the standard is complex, people make mistakes), some intentional (the standard permits extension, and obviously custom extensions might not port).

And that's like every other standard an eng on HN is going to interact with, really.