NCBI Bookshelf. A service of the National Library of Medicine, National Institutes of Health.
Committee on Review Data Systems for Monitoring HIV Care; Institute of Medicine; Ford MA, Spicer CM, editors. Monitoring HIV Care in the United States: Indicators and Data Systems. Washington (DC): National Academies Press (US); 2012 Mar 15.
Monitoring HIV Care in the United States: Indicators and Data Systems.
Show detailsThis chapter addresses question 4 from the committee’s statement of task on barriers to the collection of data to measure core indicators for clinical HIV care and for mental health, substance use, and supportive services. The committee was specifically asked to describe policy, reimbursement, and reporting issues that need to be addressed to collect necessary data (statement of task question 4a). Because the reimbursement and reporting barriers to the collection of data are sometimes linked to policies, the chapter begins with a discussion of those barriers and then describes other policy barriers to the collection of data. The chapter addresses how data can be collected in a way that will not significantly increase burden (statement of task question 4b) within the section on reporting barriers. The chapter ends with the committee’s conclusions and recommendation pertaining to this portion of its charge.
POTENTIAL REIMBURSEMENT-RELATED BARRIERS TO THE COLLECTION OF HIV CARE DATA
Reimbursement-related barriers to the collection of data on care and supportive services received by people living with HIV/AIDS (PLWHA) are to a large extent specific to claims data, as providers enter services rendered into claims systems in order to receive reimbursement for those services. As described in Chapter 2, there are several advantages to the use of claims data for health care research. For example, claims data represent a large quantity of data, can be made anonymous and used without patient authorization, and are available in an electronic format for easier transmission. Claims data are an especially important source of information on care received by PLWHA given the large number who are Medicaid beneficiaries: an estimated 47 percent of PLWHA who were receiving regular medical care were Medicaid beneficiaries in FY 2007 (Kates, 2011). As more PLWHA become eligible for Medicaid and commercial health insurance as a result of the Patient Protection and Affordable Care Act (ACA, P.L. 111-148), claims data are likely to become an even more useful source of data for monitoring HIV care. Despite the many advantages of claims data, the influence of reimbursement policies needs to be taken into consideration when using claims data for health services research (Crystal et al., 2007).
Health plan reimbursement policies may “carve out” certain services such as behavioral health, transportation, dental, and pharmacy benefits so that a separate organization is responsible for payment. As a result, the primary insurer may not have a record of the carved-out service in its claims data (Hicks, 2003; Joins et al., 2007). Carve-out arrangements are often used in the Medicaid program when Medicaid managed care organizations (MCOs) contract with other entities to provide services to which beneficiaries are entitled, as per the state Medicaid agencies’ contract with the MCO.1 An MCO may decide to carve out a benefit because it lacks in-house expertise to meet a particular patient need or because it does not have the infrastructure necessary to administer a benefit (e.g., transportation services) (Joins et al., 2007). Carve-out arrangements parse benefits out to multiple entities, and it is often challenging for these entities to communicate and exchange data with one another in order to coordinate patient care effectively (Joins et al., 2007).2 Carve-outs may also make it difficult to combine data at the patient level for research or monitoring purposes. Carve-out arrangements may pose a challenge to the estimation of indicators that require prescription drug dispensing data, or data on receipt of mental health or transportation services, since these services are among those that are most likely to be carved out of a health plan.
A health plan’s claims data also will not contain data on care for which a patient pays out of pocket or for which a claim is submitted before a deductible is exceeded (Hicks, 2003). In other cases, services may not be documented because they are provided by nonphysicians or by contract practitioners and providers who cannot be reimbursed for the service. Some state Medicaid agencies limit the types of providers and practitioners that can bill and receive reimbursement, for example (Bachman et al., 2006). Furthermore, some states limit the number of services that can be billed to Medicaid on the same day (e.g., state Medicaid restrictions on same-day billing for a physical health and a mental health service or visit), which may result in inaccurate or incomplete documentation (Kautz et al., 2008).
Another general source of inaccuracy in claims data that is tied to reimbursement is inappropriate or incomplete coding. Providers may not use all applicable codes as a way to reduce administrative burden,3 exaggerate condition severity by entering alternate coding as a way to ensure payment, or enter alternate diagnoses for sensitive conditions such as mental illness or HIV in order to protect patients’ confidentiality and insurability (Hicks, 2003).
As will be discussed in greater detail in Chapter 5, effective use of health information technology (health IT) can make for easier collection and exchange of care delivery data. To reap its full benefits, health IT will have to be adopted across insurers and a growing number of providers. However, a number of surveys show that adoption of electronic health records (EHRs) and other health IT products is occurring slowly in settings where PLWHA receive care.4 The cost to implement and maintain health IT systems is a frequently cited barrier to adoption (Lardiere, 2009; Rao et al., 2011; Reardon and Davidson, 2007). A 2011 study estimated the cost of implementation of an EHR into a physician practice to be $162,000 during the first year (Fleming et al., 2011).
The Health Information Technology for Economic and Clinical Health (HITECH) Act, a component of the American Recovery and Reinvestment Act of 2009 (ARRA, P.L. 111-5), helps to reimburse providers for some of the costs for implementation of EHRs by authorizing incentive payments through Medicare and Medicaid to health care professionals and hospitals that implement certified EHRs and demonstrate certain usage requirements.5 This support is likely to increase EHR usage by HIV care providers owing to the large number of PLWHA who have Medicare and/or Medicaid coverage. A continuing obstacle to EHR adoption may be the inability of some providers to cover the upfront costs of implementation, however, since providers are reimbursed after demonstrating usage requirements. Some have argued that under current provider reimbursement models, the larger share of the monetary benefit from health IT goes to health care payers (e.g., insurers) and that often the users of health IT (e.g., HIV care providers) do not experience much in the way of financial benefit (e.g., Johnston et al., 2003; PCAST, 2010; Sittig and Singh, 2011). This could be a barrier to implementation or continued use of EHRs. In addition, questions remain about the role of commercial health insurers, who are major payers in many care settings, in funding health IT implementation (Sittig and Singh, 2011). Although most HIV care is financed through public programs, the number of PLWHA who are eligible for commercial health insurance is likely to grow under the ACA.
POTENTIAL REPORTING-RELATED BARRIERS TO THE COLLECTION OF HIV CARE DATA
The ability to monitor trends in HIV care depends on accurate and timely reporting of data by HIV care providers, laboratories, health departments, and other entities. For example, estimation of several of the committee’s recommended indicators for clinical HIV care require accurate estimates of the number of people living with diagnosed HIV infection in the United States, as well as CD4 and viral load testing information, reported for state and local as well as national HIV/AIDS surveillance purposes.
As of April 2008, all 50 states, the District of Columbia, and 6 dependent areas had implemented confidential name-based HIV case reporting (in addition to AIDS case reporting), where the names of individuals who test positive for HIV are reported to state or local public health authorities (CDC, 2010) (Table 4-1). Some research has shown underreporting of HIV/AIDS cases by health care providers and laboratories to public health authorities (Hall et al., 2006). Past studies conducted in different geographic areas and years show a range of AIDS case reporting completeness of 60 to 98 percent (Buehler et al., 1992; Doyle et al., 2002; Greenberg et al., 1993, Jara et al., 2000; Rosenblum et al., 1992; Schwarcz et al., 1999). These studies were limited in that they assessed completeness of reporting for a specific geographic area or for an isolated time period (Hall et al., 2006). Attempting to address the weaknesses of previous studies, Hall and colleagues (2006) used capture-recapture methods to assess the completeness of HIV and AIDS case data reported to surveillance programs during October 1, 2002 to September 30, 2003. Over the 1-year period, 11,266 HIV diagnoses were reported to surveillance programs in four states and two cities. The estimated completeness of reporting of HIV diagnoses was 76 percent when allowing 6 months of reporting delay and increased to 81 percent with 12 months of follow up. The estimated completeness of AIDS diagnoses reported to seven states and two cities (11,079 AIDS diagnoses were reported) was 77 percent when allowing 6 months of a reporting delay (Hall et al., 2006). Based on this research, in part, the CDC estimates the completeness of reporting of HIV infection to be more than 80 percent (CDC, 2010).
Barriers to the reporting of notifiable diseases, including HIV/AIDS, may include lack of awareness of reporting requirements and procedures on the part of providers, human error, lack of motivation, and poor system processes (Lazarus et al., 2009; Overhage et al., 2008; Turnberg et al., 2010). Evidence suggests that automated electronic reporting facilitates more accurate and complete reporting of notifiable diseases to public health authorities. For example, Overhage and colleagues (2008) found that use of an automated electronic laboratory reporting (ELR) system to report notifiable conditions to health departments serving Indianapolis, Indiana, identified 4.4 times as many cases of such conditions as traditional, spontaneous, paper-based methods, likely by helping to overcome some of the barriers noted above. The ELR system also identified cases about 8 days earlier than spontaneous reporting (Overhage et al., 2008). Despite substantial progress in the implementation of electronic reporting, some reporting mechanisms still depend on practitioner-initiated manual data entry and submission, which are more likely to result in delayed and inaccurate data (Lazarus et al., 2009).
State and local HIV/AIDS surveillance systems collect additional laboratory information on established, reported cases of HIV/AIDS, such as CD4 and viral load counts. These data are used for surveillance purposes, such as to verify existing cases of HIV/AIDS, to identify potential new cases, and to evaluate unmet medical need (CSTE, 2009). HIV diagnostic CD4 count and HIV viral load test results are reportable from clinical, hospital, laboratory, or other authorities in all but a few U.S. states and territories (CSTE, 2011). However, as is discussed in Chapter 3, states currently vary with respect to the level at which viral load and CD4 test results are reportable. In several states, CD4 cell counts of less than 500 or 200 cells/mm3 are reportable, whereas in other states all CD4 values are reportable. In addition, some states do not report undetectable viral load results (see Chapter 3, Appendix Table 3-5) (Personal communication, Amy Lansky, Centers for Disease Control and Prevention, October 6, 2011). The variability in the legislation and regulations for reporting may result in differences in the completeness of data and make it difficult to compare these measures across states and territories. The committee recommends (see Recommendation 3-2 in Chapter 3) that CDC take steps to enhance HIV/AIDS surveillance by issuing guidelines or criteria for National HIV Surveillance System reporting to include all CD4 and viral load test results.
Non-reporting of HIV/AIDS cases identified at anonymous testing sites may be another barrier to the completeness of surveillance data. Health departments introduced anonymous HIV testing early in the HIV epidemic because of the unique stigma attached to HIV and concern that fear of potential breaches in confidentiality might deter individuals from testing (Markovitz et al., 2011). Unlike confidential HIV testing where an individual’s name is recorded with her or his test result, in anonymous HIV testing a number or code is linked to the test, and only the individual being tested knows the code. Individuals who test positive for HIV at anonymous testing sites are not reported to state or local health departments unless they choose to have their test results converted from anonymous to confidential (CDC, 2011b). Anonymous testing is an important service. Research has shown that it contributes to earlier testing as well as medical care (as defined by the average number of days in HIV-related medical care before an AIDS diagnosis) (Bindman et al., 1998). A recent study of public testing sites in Colorado and Washington state showed that anonymous testers were significantly more likely to have CD4+ cell counts >500 cells/mm3, suggesting an earlier stage of HIV infection. Yet because anonymous tests are not reported to confidential HIV/AIDS surveillance systems, surveillance data may not be representative of individuals who are tested at anonymous testing sites (CDC, 1999, 2011b).6 Research on the demographic characteristics of anonymous testers shows that they are often MSM and younger, more often white, and more likely to report more years of education than individuals who receive confidential testing (Markovitz et al., 2011). Most U.S. states and territories currently offer both anonymous and confidential HIV testing, although some have only confidential testing (Table 4-1). Many cases of HIV/AIDS identified at anonymous testing sites, along with CD4 count and viral load information, are added to surveillance after individuals enter care.
One of the core functions of health departments in response to the HIV epidemic is the collection and analysis of data on the number of PLWHA and demographic data on individuals who receive services through federally funded HIV/AIDS programs within a jurisdiction (NASTAD, 2007). The data are compiled and analyzed at the local and national levels and serve as the basis for decision making about funding to state and local health departments to support HIV/AIDS programs. Sharing of identifiable health information across health departments is often necessary to link data for individuals who receive HIV care and supportive services across multiple jurisdictions. However, local laws designed to protect identifiable information may inhibit data sharing among state public health authorities, compromising the accuracy of the analysis of and conclusions drawn from the data (Hodge et al., 2011; Personal communication, Carmine Grasso, New Jersey Department of Health and Senior Services, August 9, 2011).7
Funding mechanisms can result in inadequate resources within health departments to support activities related specifically to data collection and analysis. When data collection and analysis activities are funded, they may be lumped into the category of administrative costs, which may result in inadequate allocation of financial and staff resources to these activities. For example, due to budget constraints that impede the employment of staff with expertise in data collection and analysis, health departments may delegate data collection and analysis activities to support staff who may not be sufficiently trained to perform these activities (Personal communication, Carmine Grasso, New Jersey Department of Health and Senior Services, August 9, 2011).
Reducing Provider Reporting Burden
Grantees of federally funded HIV/AIDS programs are an important source of HIV care and supportive services data. To comply with funding requirements, grantees must generate and submit to federal agencies numerous programmatic reports. These reports contain program information that can inform how well the clinical care and supportive services needs of PLWHA are being met locally and nationally. The range of data contained in such reports includes, but is not limited to, the number and demographics of PLWHA within a specific jurisdiction or provider setting who receive medical services, pharmaceutical assistance, and supportive services such as housing assistance, as well as information on the provision of care and supportive services to communities that are disproportionately affected by HIV.
As the recipients of numerous core and supplemental HIV/AIDS grant awards, health departments are central to the collection and reporting of data to monitor progress in achieving NHAS goals. However, health departments are currently overburdened with myriad grant-related administrative activities. The scope of reporting requirements for state health departments in 2010 included 96 reports for core and supplemental (e.g., STD and viral hepatitis) HIV/AIDS grant awards (Figure 4-1). Reporting includes several hundred specific variables (NASTAD, 2011; PACHA, 2011). Furthermore, the National Alliance of State and Territorial AIDS Directors (NASTAD) reports that the current requirements for reporting on program planning, progress, and performance measures are project specific and inconsistent across related programming (e.g., HIV prevention and STD prevention and control; HIV prevention and HIV/AIDS care). Thus, health departments must modify their reporting practices to meet the specifications of each grant. Projects also operate on different grant cycles, which further complicates reporting. There is also substantial duplication in reporting practices owing to differences in the schedules for reporting on program progress and for local disease reporting and service data collection and validation. Health departments often must submit incomplete or inaccurate data on program progress, and then resubmit the data after local data are updated (to ensure the accuracy and completeness of program progress reports) (NASTAD, 2012).8
According to the Presidential Advisory Council on HIV/AIDS (PACHA), the current reporting requirements for grantees of federally funded programs have not resulted in a set of metrics by which to thoroughly monitor the HIV epidemic. Nor have they yielded data of sufficient quality to effectively evaluate and manage federal HIV/AIDS programs (PACHA, 2011). A smaller number of key metrics that are relevant to NHAS goals could be used across federal agencies to monitor progress in managing the epidemic. Use of metrics that are comparable across funding agencies would also help to streamline reporting requirements for grantees (PACHA, 2011). While the committee was preparing this report, there was an effort under way by the U.S. Department of Health and Human Services (HHS) to identify a uniform set of HIV-related metrics to be used across funding agencies and reduce reporting burden (HHS, 2011; Valdiserri and Forsyth, 2011). The committee supports this current effort and recommends that it be maintained and institutionalized (see recommendation 4-1 at the end of this chapter) so that data needs can be periodically reprioritized based on changes in the HIV epidemic and to facilitate continued minimization of grantee reporting burden.
Legislative action may also be necessary to reduce reporting burden in certain instances because some of the overlapping and duplicative reporting activities are delineated in federal legislative or appropriations language. For example, per its authorizing legislation, the Ryan White HIV/AIDS Program contains multiple parts. Each part includes several different funding components and requirements that are often in conflict, duplicative, and may be burdensome for grantees.
In addition to health departments, sites that provide direct clinical care and supportive services to PLWHA could stand to benefit from the use of a streamlined set of metrics for HIV monitoring. Such entities, such as community health centers (CHCs), may themselves be the direct grantees of federally funded HIV/AIDS core or supplemental programs and report program data to funding agencies, or they may provide data to health departments that are then incorporated into reports for federal agencies.
Providers of HIV clinical care and supportive services have many competing responsibilities and restrictions (e.g., budget or expertise related) on the amount of staff time that can be devoted to reporting activities. As potential users of the collected data, the various providers of HIV care and supportive services can be involved in decision making about what data are important to collect as well as processes for collecting them. Early and continuous dialogue with providers about the data collection process can help to identify and address any concerns in a timely fashion, and perhaps help to reduce reporting burden later on. Some federal HIV/AIDS data collection efforts are already informed by such input. As one example, proposed data variables for the Health Resources and Services Administration’s (HRSA’s) AIDS Drug Assistance Program Data Report were vetted with Ryan White HIV/AIDS Program grantees (CareActTarget.org, 2011).
OTHER POLICY BARRIERS TO THE COLLECTION OF HIV CARE DATA
Several other laws and policies may present obstacles to the collection of data elements needed to estimate the committee’s recommended core indicators. These include federal and state policies that result in a fragmented health care system, as well as federal and state policies pertaining to the disclosure of health information.
Federal and State Policies That Result in a
Fragmented Health Care System
There are multiple sources of care and care coverage for PLWHA in the United States. PLWHA who are insured and in the health care system rely heavily on public insurance programs (i.e., Medicaid, Medicare, both) to finance their care. PLWHA who are uninsured or underinsured rely on safety net programs such as the Ryan White HIV/AIDS Program, CHCs, and public hospitals. Other PLWHA are privately insured. Care for many PLWHA is financed through multiple sources (KFF, 2004).
The multiple sources of care and care coverage are uncoordinated, making it difficult for patients to navigate care. Furthermore, eligibility for these programs depends on factors such as health or disability status, family status, employment status and income, and assets that will vary over time for any given individual (Table 4-2). Eligibility for programs also varies widely by state, particularly for Medicaid and the Ryan White HIV/AIDS Program. Thus, a person may be eligible for a program in one state but not in another, and not all states have the same coverage and care programs (KFF, 2004).9 As PLWHA lose access to care or move from one source of care or care coverage to another, there may be gaps or losses in care data, or duplicate records, which can complicate collection of data needed to estimate the indicators recommended by the committee.
Some provisions of the ACA will not be implemented by states uniformly, resulting in state variation in eligibility of PLWHA for health insurance and, by consequence, access to health care. One of several examples relates to the establishment of health insurance exchanges that will serve as points of access to commercial health insurance for individuals and employers. The ACA sets broad parameters for the exchanges, but states are given flexibility on several features, such as whether to establish their own exchange or rely on the federal government to do so and how the exchange will interact with the state’s Medicaid program (Carey, 2010). In many states, legislation has been proposed to alter or oppose provisions of the ACA. Resulting differences in access to health care by state will have to be taken into consideration for the collection and use of program data for purposes of monitoring the impact of the ACA on improvements in HIV care.
In the current fragmented health care system, the various sources of care and care coverage often have their own policies relating to the sharing of data. Data from private sources, such as commercial health insurers, may be proprietary, for example. As noted earlier in this chapter, local privacy laws and lack of data sharing mechanisms among state and local public health authorities can impede the collection and analysis of surveillance data (Personal communication, Carmine Grasso, New Jersey Department of Health and Senior Services, August 9, 2011).
Federal and State Laws Pertaining to the Disclosure of Health Information
Privacy of personal health information is a concern for many PLWHA. Fears of breaches in confidentiality and resulting HIV stigma can result in individuals not accessing or adhering to care and treatment (Kempf et al., 2010; Whetten-Goldstein et al., 2001). When personally identifying information is disclosed, it can result in stigma, embarrassment, and discrimination. Without some assurance of privacy, people may be disinclined to provide honest and complete disclosures of sensitive information, even to their physicians (IOM, 2009). This section discusses federal and state privacy laws designed to protect patient health information and how these laws may influence the collection of HIV care data for purposes of estimating the core indicators recommended by the committee.
Health Insurance Portability and Accountability Act Privacy Rule
At the federal level, the sharing and use of people’s health information is governed primarily by the Health Insurance Portability and Accountability Act (HIPAA, P.L. 104-191), which was enacted by Congress in 1996 with the goals of making health care delivery more efficient and increasing the number of Americans with health insurance. The HIPAA Privacy Rule was developed under administrative simplification provisions of the HIPAA, instructing the HHS Secretary to issue regulations concerning electronic transmission of health information, which was increasing in the early 1990s (IOM, 2009). The Privacy Rule standardizes requirements for disclosure of individually identifiable protected health information (PHI) related to “an individual’s past, present, or future physical or mental health condition; the provision of health care to the individual; or, the past, present, or future payment for the provision of health care to the individual” (HHS, 2003).
PHI includes names, all geographic subdivisions smaller than a state, all elements of dates (except year) directly related to an individual, Social Security numbers, and other information.10 Data elements to estimate indicators of HIV care that are recommended by the committee (see Chapter 2) that may be considered PHI include zip code, several date-based elements (e.g., date of HIV diagnosis, dates of viral load and CD4 counts), and age.
The Privacy Rule applies to health plans, health care providers, and health care clearinghouses that electronically transmit health information in connection with certain health care transactions11 (HHS, 2003). These entities are collectively designated as “covered entities” (Box 4-1). Covered entities, which include providers of care and care coverage to PLWHA, are required to obtain patient authorization before using or disclosing PHI to third parties, except under the following circumstances:
- To the individual (unless required for access or accounting of disclosures);
- For treatment, payment, and health care operations;
- To provide an individual the opportunity to agree or object to uses and disclosures of PHI (informal permission);
- For purposes of an incident to an otherwise permitted use and disclosure (i.e., a secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and occurs as a result of another permitted use or disclosure);
- For public interest and benefit activities; and
- For a Limited Data Set for the purposes of research, public health or health care operations (HHS, 2003).
The permitted use and disclosure of PHI without patient authorization for “public interest and benefit activities” is particularly relevant to the public health goal of monitoring improvement in HIV care. Under this exception, covered entities may disclose PHI for public health activities—for example, to public health authorities as required by law to prevent and control disease (such as HIV/AIDS), injury, and disability. Public health activities include, but are not limited to, “reporting of disease, injury, and vital events, and conducting public health surveillance, investigations, and interventions” (CDC, 2003). Examples of public health authorities include the CDC and state and local health departments, which is why providers are permitted to report new HIV and AIDS cases with patient identifying information to area public health authorities.12 PHI also may be disclosed to health oversight agencies for activities such as audits and investigations necessary for administration of the health care system and government benefit programs (HHS, 2003). Disclosure of PHI by covered entities to HRSA’s HIV/AIDS Bureau (HAB) for purposes of monitoring and assessing its grants is permitted under the health oversight exception, for example (HRSA, 2010). PHI may also be released for research, defined as “a systematic investigation, including research development, testing, and evaluation, designed to develop or contribute to generalizable knowledge” [45 CFR.
164.501] (HHS, 2003).The collection of data for purposes of monitoring HIV care may also occur under the Limited Data Set permitted use and disclosure, which may be used for public health, health care operations, or research activities (HHS, 2003). A Limited Data Set is PHI that excludes direct identifiers of an individual, her or his relatives, employers, or household members, but may include the following:
- Geographic data other than street address (town, city, state, zip code);
- Dates relating to an individual (dates of birth, admission, and discharge); and
- Other unique identifying characteristics or codes not listed as direct identifiers (HHS, 2003).
Covered entities are required to condition their disclosure of a limited data set to third parties on establishment of a data use agreement.13
HIPAA-covered entities may not disclose data on “small cells” or for data elements for which there is a very small number of observations. For example, there may be a small number of HIV cases among a subpopulation in a geographic area, and release of the data could reveal an individual’s identity. This could be an impediment to analysis of subpopulations of PLWHA.
The Privacy Rule does not apply to health information that has been de-identified in accordance with the Privacy Rule (HHS, 2003).14 Limited data sets differ from de-identified information in that they may contain dates and some geographic information associated with an individual that are absent from de-identified information.
Several of the data systems identified in Chapter 3 as important for monitoring indicators of HIV care are maintained within HIPAA-covered entities (i.e., Medicaid Statistical Information System [MSIS], CMS Chronic Condition Data Warehouse [CCW], Kaiser Permanente, North American AIDS Cohort Collaboration on Research and Design [NA-ACCORD], CFAR Network of Integrated Clinical Systems [CNICS]). In cases where PHI-linked data are requested from these data systems for purposes of estimating core indicators, the reasons for use of the data may be required to fall within the permitted uses and disclosures of the Privacy Rule (listed above), which may include the public health and limited data set exceptions.
Even with the permitted uses and disclosures of PHI and the allowable use of de-identified data from HIPAA-covered entities, the Privacy Rule and its varying interpretations may impede data collection (Gostin and Nass, 2009). In an evaluation of the collection of race, ethnicity, and language data in medical practices with five or fewer physicians, Hasnian-Wynia and colleagues found practices worried that asking questions about race or ethnicity could be a violation of patient privacy rights under the HIPAA, even though the collection of race and ethnicity data from patients in health care settings does not violate the HIPAA Privacy Rule and is legal under both federal and state law (Hasnian-Wynia et al., 2010). In another study, health information managers reported increases in the public’s misunderstanding about release of patient information under HIPAA to be a major barrier to the release of such information. Lack of an umbrella policy or regulation defining infractions and enforcement and challenges in controlling safeguards related to the release of information with increased use of health IT, such as electronic health records, were other major barriers (Houser et al., 2007).
The implementation of the Privacy Rule has changed the way in which covered entities manage health information. Concerned about compliance with the Privacy Rule, many providers have reevaluated the manner in which patient data are stored and disseminated (Wilson, 2009). As noted previously, the Privacy Rule permits the release of PHI without patient permission for public health purposes. Yet the terms of release are unclear and leave room for interpretation as to whether disclosure is permitted. Covered entities and their attorneys (whose job is to minimize clients’ risk rather than improve public health) may decide not to release requested information, given that the release of PHI under the public health exception is permitted but not mandatory (Wilson, 2009). Public health officials have found success in gaining access to personal health data to be mixed and note that covered entities cite the Privacy Rule as a reason not to provide data to researchers and health departments (Stoto, 2008). Concern that reported data may reveal aspects of a person’s lifestyle such as health status (e.g., HIV) or behaviors (e.g., unsafe sex or needle sharing) may result in reluctance to disclose PHI among both patients and providers (Gostin, 2002).
A potential disincentive to reporting is that covered entities that do release PHI for certain public health activities are required to record such disclosures and make an accounting of the disclosures available to patients who request them (Wilson, 2009).15 Reporting of patient information to authorities can create tensions between physicians, whose primary role is to protect their patients’ interests, and public health, whose primary role is to protect the population’s interests (Gostin, 2002; Wilson, 2009).
As noted in Chapter 3, epidemiologic studies are a useful source of data on HIV care. Researchers who conduct epidemiologic studies on PLWHA often have to obtain patient information from hospitals and clinics that are HIPAA-covered entities (Houser et al., 2007). A few studies conducted after the Privacy Rule became effective in 2003 suggested that the HIPAA Privacy Rule had a negative impact on the conduct of health research, including research related to public health surveillance (e.g., Armstrong et al., 2005; Linet, 2003; Ness, 2007). A 2007 study showed that the Privacy Rule had little impact on a researcher’s ability to obtain patient medical records. A likely by-product of HIPAA, however, was the refusal of 10 percent of facilities to accept a HIPAA-compliant release form other than their own, adding delay time, increasing participant burden, and creating a possible loss of study outcomes (Houser et al., 2007).
Confidentiality of Alcohol and Drug Abuse Patient Records Regulation
HIV-infected drug users have increased prevalence and frequency of medical, substance use, and psychiatric disorders that result in increased morbidity and mortality (Altice et al., 2010). Left untreated, these comorbid disorders can complicate treatment by impeding adherence to antiretroviral therapy, which is critical to maintaining suppression of viral replication (Altice et al., 2010; Fiellin, 2004). Therefore, screening and referral for substance abuse treatment are important components of HIV care.
Confidentiality has been fundamental to the practice of substance abuse treatment in the United States for more than four decades. In 1975, Congress enacted the Confidentiality of Alcohol and Drug Abuse Patient Records Regulation16 (see 42 CFR
Part 2 or “Part 2”) after it recognized that the stigma associated with substance abuse, as well as fear of prosecution, might deter individuals from entering treatment (Fenner, 2009; SAMHSA, 2004). The regulation, hereafter referred to as “Part 2,” establishes confidentiality requirements for patient records maintained in connection with application for or receipt of services provided by federally assisted programs that provide alcohol and drug treatment, diagnosis, and referral services programs.17Part 2 has been described as “powerfully preemptive” of both lesser state laws and HIPAA (Rosenbaum et al., 2009). Part 2 generally requires patient consent for disclosure of identifying information that reveals that a patient is in, has been in, or has applied for substance abuse treatment.18 It also prohibits health care providers and plans that receive information from disclosing it to another entity without patient consent. Most substance abuse treatment programs are subject to both Part 2 and the Privacy Rule and must comply with both. According to guidance for alcohol and substance abuse programs developed by SAMHSA, this generally means that programs will follow Part 2 and not disclose information unless they receive patient consent or can point to an exception that permits the disclosure. Then programs confirm that the disclosure is also allowed under the Privacy Rule (SAMHSA, 2004).
There are instances in which patient identifying information can be disclosed without patient consent under Part 2, such as (42 CFR Part 2, Subpart D—Disclosures without patient consent):
- to medical personnel in case of a medical emergency;
- to qualified personnel to conduct research, management audits, financial audits, or program evaluation (e.g., through a qualified service organization agreement [QSOA]);19
- for communications within a program; and
- for communications between a program and an entity having direct administrative control over the program.
Unlike the Privacy Rule, which usually permits the disclosure of PHI without patient consent for treatment, payment, or health care operations purposes, Part 2 typically requires patient consent for such disclosures (see 42 CFR
2.3, 2.12, 2.13). As with the Privacy Rule, Part 2 does not apply to data that have been de-identified (SAMHSA, 2004).Part 2 does not prohibit drug and alcohol treatment programs from meeting state-mandated communicable disease reporting and follow-up responsibilities. Therefore, programs can report cases of HIV/AIDS and other communicable diseases without patient consent to local public health authorities, such as through a QSOA with the local public health department or by some other mechanism. Reported cases of HIV/AIDS would probably not be linked to substance abuse treatment information; however, most states require reporters to identify themselves (which may disclose that the information is coming from a drug and alcohol abuse treatment program) (SAMHSA, 2004).
Part 2 may impede the collection of data on date of diagnosis for substance use disorder, date of referral for substance abuse services, and date of first visit for substance abuse services. These data elements are needed to estimate the proportion of people with diagnosed HIV infection and substance use disorder who are referred for substance abuse services and receive these services within 60 days, one of the core indicators recommended by the committee. Most drug and alcohol treatment programs receive federal assistance (SAMHSA, 2010) and therefore are required to be in compliance with Part 2. PLWHA in need of substance abuse treatment, especially those who are low income and under- or uninsured, are apt to receive such treatment from federally assisted programs.
Clinical Laboratory Improvement Amendments
Several of the committee’s recommended indicators require data from laboratory testing results. Clinical laboratory testing performed on humans in the United States is regulated by the federal Clinical Laboratory Improvement Amendments (CLIA). CLIA may apply to HIV and other tests (e.g., CD4 count, viral load, drug resistance testing, tuberculosis testing, and STD and hepatitis screenings) received by PLWHA that are processed by clinical laboratories. CLIA regulations allow clinical laboratories to disclose test results to individuals who are authorized under state law to order or receive test results and, if applicable, to the person responsible for using the test results and the referring laboratory, in the case of reference labs (Pritts et al., 2009a; 42 CFR
493.2). In the absence of state guidance, CLIA allows clinical laboratories to release laboratory results to “the individual responsible for using the test results and the laboratory that initially requested the test” (42 CFR 493.1291[f]). Who is responsible for using the test results is not defined under CLIA, however (Purington et al., 2010). Laboratory reporting of HIV, CD4, and viral load information to public health authorities is required in virtually all U.S. states (although, as discussed earlier, the level at which CD4 count and viral load reporting is required varies by state) (Personal communication, Amy Lansky, Centers for Disease Control and Prevention, October 6, 2011). While the CLIA provisions suggest that test results may be furnished to providers who order tests, whether clinical laboratories may directly provide results to health care providers who did not order the test or to patients varies by state (Pritts et al., 2009b; Purington et al., 2010). The role of state laws on clinical laboratory reporting is discussed in the following section.State Health Privacy Laws
In addition to federal laws, state statutes and regulations govern the disclosure of health information. In general, a state health privacy law that is more stringent about the privacy of individually identifiable health information takes precedence over federal law (Pritts et al., 2009b). State health privacy laws also are the primary laws governing entities that hold health information but are not covered under federal privacy laws (e.g., health care providers who do not electronically transmit health information in connection with health care transactions). The landscape of state health privacy laws is uneven because states are diverse in the rights and protections that they provide.
Because it was peripheral to the study charge, the committee did not conduct an independent review of current laws for all U.S. states and territories pertaining to the privacy of health information needed to estimate the core indicators of HIV care, behavioral health, and supportive services recommended in this report (although, such a review might be helpful to gain a better sense of the full extent to which state laws are barriers to the collection of necessary data). Instead, the committee consulted existing reviews of state health privacy laws and independently reviewed code pertaining to the privacy of health information for a few select states.
State Laws Pertaining to HIV and Other Communicable Disease Reporting Consistent with federal notifiable disease reporting, many states’ laws articulate that HIV test results, as well as results from tests for other communicable diseases, may be reported without patient permission to public health authorities. Under current New York State law, for example, a person who obtains confidential HIV-related information may not disclose such information except to “a federal, state, county or local health officer when such disclosure is mandated by federal or state law” (New York State Article 27-F, HIV and AIDS Related Information).
Similarly, under Illinois law, no person is permitted to disclose the identity of a person who receives HIV testing or the results of the test in a manner that permits the identification of the person, except to “the Department or the local health authority, in accordance with rules for reporting and controlling the spread of disease, or as otherwise provided by State law” (Illinois Title 77: Public Health, Subchapter K: Communicable Disease Control and Immunizations).
Disclosure of Health Information to Other Health Care Providers for Treatment Purposes The exchange of health information among providers for treatment purposes is essential both for the provision of coordinated care for PLWHA and for accurate and complete data collection.
A review of state law requirements for the disclosure of health information that is often considered “sensitive” and provided heightened legal protections showed that almost all U.S. states and territories have statutes or regulations that specifically address disclosure of HIV-related information or communicable diseases including HIV (Pritts et al., 2009b). The scope of state laws governing disclosure of HIV-related information between care providers includes information related to HIV test taking and results, other (i.e., non-HIV testing) HIV-related information, and/or the redisclosure of HIV-related information (i.e., from a recipient to someone else) (Table 4-3). As of 2008, when the review of state health information laws was conducted, laws in 41 U.S. states and territories addressed information related to HIV testing and results. At least 19 of these states had HIV-specific laws that apply to a wide range of HIV-related information and limit disclosure of all information that identifies, or could identify, a person as having HIV/AIDS. Laws in 15 states and territories expressly prohibited recipients of HIV-related information from redisclosing the information (Pritts et al., 2009a).20
Pritts and colleagues (2009b) note that the scope of the laws in states that address the disclosure of HIV-related information beyond HIV testing appear broad enough to possibly include valuable care information, such as information on antiretroviral medications. For example, the code for one of these states, New York, defines “confidential HIV-related information” as:
any information, in the possession of a person who provides one or more health or social services or who obtains the information pursuant to a release of confidential HIV related information, concerning whether an individual has been the subject of an HIV related test, or has HIV infection, HIV related illness or AIDS, or information which identifies or reasonably could identify an individual as having one or more of such conditions, including information pertaining to such individual’s contacts (Part 63 HIV/AIDS Testing, Reporting and Confidentiality of HIV-Related Information).
Some states permit the disclosure of HIV-related information for treatment purposes without patient permission absent any qualifying conditions. In many states, the disclosure of information without patient permission is allowed under specified circumstances, such as for continuing or emergency care purposes or when necessary for treatment, and is subject to various interpretations. As of 2008, five states, the District of Columbia, and four U.S. territories did not allow the disclosure of HIV-related information for treatment purposes without patient permission (Pritts et al., 2009b). States that require patient permission to disclose HIV-related information often require that the permission be in writing, although in some of these states, separate permission is not required for each release of information. A current provision of Massachusetts public health law on the disclosure of HIV testing results, for instance, states that no health care facility, physician, or health care provider shall “disclose the results of such test to any person other than the subject thereof without first obtaining the subject’s written informed consent; or identify the subject of such tests to any person without first obtaining the subject’s written informed consent” (Massachusetts Laws Ch.111 70F).
Almost every state has a statute or regulation that governs the disclosure of information related to substance abuse treatment. State laws generally impose confidentiality requirements on both substance abuse treatment records as well as the patient’s identity. The laws also focus primarily on patient information and records generated by substance abuse treatment programs and facilities, rather than those generated in the context of clinical care. The entities covered by statutes and regulations vary across states (e.g., in some states the law applies to programs that operate under or who have a contract with the state while other states’ laws have broader application) (Pritts et al., 2009b). As of 2008, laws in more than 30 states incorporate the federal standards (Part 2) for protection of confidentiality in federally funded programs and/or state-funded programs. Pritts and colleagues noted that in at least one state (Pennsylvania) restrictions on the disclosure of substance abuse treatment-related information for treatment reasons appear to be more restrictive than Part 2. A number of states’ laws specify the circumstances under which providers may disclose substance abuse treatment-related information without patient permission, such as for continuity-of-care purposes (Pritts et al., 2009b).
While there is no federal equivalent, nearly every state also has a statute or regulation that governs the disclosure of information maintained by mental health treatment facilities that provide inpatient treatment.21 The scope of entities covered varies; in some states the law applies to services provided by state, local, or county government, while in others the law applies to any establishment that provides mental health treatment. Most states’ mental health laws allow inpatient mental health treatment facilities to disclose health information for treatment reasons but for very limited circumstances. Some states have limitations on disclosures that may be made for treatment, such as restricting the type of information that can be shared and with whom. In several states, recipients are prohibited from further disclosure of the information except as authorized under the terms of the law. A few states’ mental health laws treat mental health information the same as other types of health information and generally permit disclosure without patient permission for treatment purposes. (The review did not include outpatient mental health treatment facilities.)
With respect to general clinical information, Pritts and colleagues (2009b) found that the HIPAA Privacy Rule sets the standard for disclosure of information by hospitals and medical doctors in many states (either expressly or implicitly). In other states, statutory or regulatory provisions independently allow for disclosure of health information without patient permission for treatment purposes. A handful of states have laws that either limit disclosures to providers who previously provided treatment to the patient, or allow patients to opt out of such disclosures (Pritts et al., 2009b). Under the Texas Health and Safety Code, for example, disclosure of a patient’s health care information by hospitals without the patient’s authorization is permitted only:
to a health care provider who is rendering health care to the patient when the request for the disclosure is made … [or] … to a prospective health care provider for the purpose of securing the services of that health care provider as part of the patient’s continuum of care, as determined by the patient’s attending physician (Texas Health and Safety Code
241.153).
Most states’ laws appear to permit pharmacists to disclose general clinical information for treatment reasons without patient permission. However, a few states indicate that the decision as to whether to provide such information is based on the pharmacists’ own professional judgment. In other states, pharmacists may disclose clinical health information without patient consent only to specific types of care providers (Pritts et al., 2009b).
Disclosure of Information Maintained by Clinical Laboratories State law controls who is authorized to receive the results of tests performed by clinical laboratories, as described in the discussion of CLIA above. A survey of state laws on the release of clinical laboratory test results by independent (rather than public health) laboratories showed that clinical laboratory licensing laws often restrict the release of test results to the person who ordered the test or the person authorized to use the test (Pritts et al., 2009a). Most states do not expressly allow results to be released to other providers.22,23 In addition, a few states have laws that limit the release of test results to health care providers who are licensed to practice within the state, presenting obstacles to the provision of care across state lines.
Pritts and colleagues (2009a) observe that states that provide heightened confidentiality for specific medical conditions such as HIV/AIDS impose an additional layer of complexity on the manner in which clinical laboratories may release test results. It is not always apparent whether clinical laboratories are subject to these statutes and regulations, which are written to cover a broad range of entities. As of 2008, laws in a handful of states with HIV/AIDS confidentiality laws that are broad enough to possibly include independent clinical laboratories expressly indicate that HIV test results must or may be provided to the person who ordered the test. In about half of the states, HIV/AIDS confidentiality laws appear to permit the disclosure of HIV test results to health care providers and health care facilities for treatment reasons without the patient’s permission. Some states have a “need-to-know” standard on the release of HIV test results, perhaps leaving disclosure open to various interpretations (Pritts et al., 2009a). For example, Ohio’s code on the disclosure of HIV test results to providers states:
The results of an HIV test or a diagnosis of AIDS or an AIDS-related condition may be disclosed to a health care provider, or an authorized agent or employee of a health care facility or a health care provider, if the provider, agent, or employee has a medical need to know the information and is participating in the diagnosis, care, or treatment of the individual on whom the test was performed or who has been diagnosed as having AIDS or an AIDS-related condition (OhioRev.Code.Ann.3701.243 [B]).
Privacy Issues in State Public Health Agencies The Public Health Data Standards Consortium conducted a survey of past, present, and future privacy-related issues faced by public health agencies in 2008. Among current issues, public health agencies identified the need for a standardized way to ensure data de-identification, because statutes (federal and state) have different definitions of de-identification. Agencies also identified the need for secure and reliable methods for linkages across databases. How to handle data breaches and identity theft in an environment where more information is being collected electronically was another concern. Privacy officers in public health agencies noted challenges to ensuring privacy and security-related training and education of the workforce as well as a need for clarification on oversight responsibilities and enforcement. One HIV-specific issue noted by privacy officers was the new federal requirement to report HIV/AIDS data to states with identifiable information (name), which required amendments to regulations as well as assurances to PLWHA that their data will be protected (PHDSC, 2008).
Participating health agencies also noted several new and emerging health information privacy issues. Privacy officers in health agencies identified the need to develop state public health privacy frameworks to simplify understanding and documentation of privacy regulations pertaining to the reporting of health information. The growing demand for identifiable information for research purposes that is occurring as a result of increased availability of data in electronic form creates greater opportunity for linking data across systems and tracking individual-level data longitudinally. However, privacy officers reported that these changes present more complex privacy issues for state agency institutional review boards and raise ethical challenges in balancing increased access to data for research and ensuring the privacy and security of health information (PHDSC, 2008).
CONCLUSIONS AND RECOMMENDATIONS
Reimbursement-Related Barriers to the Collection of HIV Care Data
- Reimbursement policies and practices can result in the dispersal of care information across multiple entities. For example, care services that are carved out of a health plan (e.g., behavioral health, transportation, dental, and pharmacy benefits) may not be recorded in the primary insurer’s claims records. Therefore, the primary insurer’s records will not provide a complete medical history of the patient. Means to link data across reimbursement systems will be required to gain access to a complete medical history for many PLWHA.
Reporting-Related Barriers to the Collection of HIV Care Data
- Several of the core indicators recommended by the committee require estimates of the total number of people diagnosed with HIV in the United States, as well as dates and values of CD4 count and viral load tests. Incomplete HIV/AIDS case reporting by providers to public health authorities; variability in the levels at which CD4 counts and viral loads are reportable across states; and a lack of mechanisms for health departments to share data across jurisdictions may influence the comprehensiveness and accuracy of reported data. Staffing, administrative, and budgetary constraints are other potential barriers to reporting for health departments and other providers of HIV care and supportive services.
- Current national estimates of the number of people who are tested for HIV at anonymous sites were not available at the time of this report. Most states do offer anonymous HIV testing, however. Although anonymous testing should be acknowledged as a minor barrier to the completeness of HIV surveillance data, its benefits may outweigh this drawback since the availability of anonymous testing may promote testing among individuals who are concerned about potential breaches in the confidentiality of their testing information.
Reducing Data Reporting Burden
- Grantees of federally funded HIV/AIDS programs are a vital source of HIV care and supportive services data, but are currently overburdened by the many reporting obligations they are required to fulfill as a condition of program funding. The reporting requirements for core and supplemental HIV/AIDS programs administered by health departments are often project specific, even across related programming (e.g., HIV prevention and HIV/AIDS care), requiring staff to modify their reporting practices for each grant. Reporting is further complicated by the fact that programs operate on different grant cycles so that reports for related programs are due a different times during the year. According to the Presidential Advisory Council on HIV/AIDS, the current reporting requirements for grantees of federally funded HIV/AIDS programs have not resulted in a set of metrics by which to thoroughly monitor the HIV epidemic or to evaluate federal HIV/AIDS programs. A smaller number of metrics that are aligned with NHAS goals could be used across federal agencies to monitor progress in managing the epidemic. As it was preparing this report, the committee learned that there is an effort under way by HHS to identify a set of HIV-related metrics to be used across funding agencies and reduce reporting burden for program grantees. The committee supports this current effort and recommends that it be maintained so that data needs can be periodically reprioritized based on changes in the HIV epidemic and to facilitate continued minimization of grantee reporting burden.Recommendation 4-1. The Department of Health and Human Services should maintain and institutionalize the existing effort to streamline data collection and reduce reporting requirements for federally funded HIV/AIDS programs. This will allow for periodic reprioritization of data needs based on changes in the HIV epidemic that occur over time, and ensure the continuous availability of data to effectively monitor HIV care while minimizing reporting requirements for grantees. The data reprioritization should involve health departments, HIV provider organizations, and federal agencies that are major funders of HIV/AIDS programs, including HHS, the Department of Veterans Affairs, and the Department of Housing and Urban Development.
- Engagement of health departments, HIV care clinicians, and other stakeholders in the planning of an HIV/AIDS data collection effort can help to identify what data are most important to collect (since these groups are often users of the collected data) as well as processes for collecting those data. Involvement of stakeholders may foster greater investment in data collection and reduce reporting burden since the data collected will be more closely aligned with stakeholders’ own data needs.
Other Policy Barriers to the Collection of HIV Care Data
- The various sources of care and care coverage in the United States each have their own eligibility requirements. As a result, many PLWHA shift in and out of care and change providers over the course of their illness, which creates opportunities for gaps or losses of patient data and impedes longitudinal tracking of care. Improved exchange of data across systems maintained by insurers and providers would help to address this problem, as discussed in Chapter 5.
- Several provisions of the ACA are being implemented differently by states. Resulting differences across states in access to health insurance and health care will have to be taken into consideration for purposes of monitoring the improvements HIV care resulting from the ACA and more generally.
- Providers of HIV care and supportive services contend with numerous federal laws and state statutes and regulations on the proper use and disclosure of patient information. The inconsistent nature of these protections, which often leave the decision of whether or not to disclose requested patient information open to various interpretations, may result in discrepancies in data sharing and reporting across states and providers. Such discrepancies may influence the availability and quality of data needed to estimate indicators of HIV care and supportive services.Recommendation 4-2. The Department of Health and Human Services should issue guidance to the HIV care community to clarify what is permissible patient information to share given federal and state privacy laws.
REFERENCES
- Agee B. S., Funkhouser E., Roseman J. M., Fawal H., Holmberg S. D., Vermund S. H. Migration patterns following HIV diagnosis among adults residing in the non-urban deep south. AIDS Care. 2006;18((Suppl 1)):S51–S58. [PubMed: 16938675]
- Altice F. L., Kamarulzaman A., Soriano V. V., Schechter M., Friedland G. H. Treatment of medical, psychiatric, and substance-use comorbidities in people infected with HIV who use drugs. The Lancet. 2010;376:367–387. [PMC free article: PMC4855280] [PubMed: 20650518]
- AMA (American Medical Association). The Impact of Medicare Physician Payment on Seniors’ Access to Care. 2010. http://media
.washingtonpost .com/wp-srv/outlook /documents/medicare _survey_results_061810.pdf (accessed March 7, 2012) - Armstrong D., Kline-Rogers E., Jani S. M., Goldman E. B., Fang J., Mukherjee D., Nalla-Mothu B. K., Eagle K. A. Potential impact of the HIPAA Privacy Rule on data collection in a registry of patients with acute coronary syndrome. Archives of Internal Medicine. 2005;23:1125–1129. [PubMed: 15911725]
- Bachman J., Pincus H. A., Houtsinger J. K., Unutzer J. Funding mechanisms for depression care management: Opportunities and challenges. General Hospital Psychiatry. 2006;28:278–288. [PubMed: 16814626]
- Berk M. L., Schur C. L., Dunbar J. L., Bozzette S., Shapiro M. Short report: Migration patterns among persons living with HIV. Social Science & Medicine. 2003;57:1091–1097. [PubMed: 12878108]
- Bindman A. B., Osmond D., Hecht F. M., Lehman J. S., Vranizan K., Keane D., Reingold A. Multistate evaluation of anonymous HIV testing and access to medical care. Journal of the American Medical Association. 1998;280(16):1416–1420. [PubMed: 9801001]
- Buehler J. W., Berkelman R. L., Stehr-Green J. K. The completeness of AIDS surveillance. Journal of Acquired Immune Deficiency Syndromes. 1992;5:257–264. [PubMed: 1740751]
- CareActTarget. ADAP Data Report Proposed Client-Level and Grantee-Level Data Variables; 2011. http://www
.careacttarget .org/library/media /ADAP/ADAPDataReportProposedCLDVarWorksheet.pdf and http://www .careacttarget .org/library/media /ADAP/ADAPDataReportProposedGLDVarWorksheet.pdf (accessed March 7, 2012) - Carey R. Health Insurance Exchanges: Key Issues for State Implementation. 2010. http://www
.rwjf.org/files /research/70388.pdf (accessed March 7, 2012) - CDC (Centers for Disease Control and Prevention). Guidelines for national human immunodeficiency virus case surveillance, including monitoring for human immunodeficiency virus infection and acquired immunodeficiency syndrome. Morbidity and Mortality Weekly Report. 1999;48((RR13)):1–28. [PubMed: 10632297]
- CDC. HIPAA Privacy Rule and public health. Guidance from the CDC and the U.S. Department of Health and Human Services. Morbidity and Mortality Weekly Report. 2003;52:1–12. [PubMed: 12741579]
- CDC. HIV Infection Reporting. 2010. http://www
.cdc.gov/hiv /topics/surveillance/reporting.htm (accessed March 7, 2012) - CDC. Data Security and Confidentiality Guidelines for HIV, Viral Hepatitis, Sexually Transmitted Disease, and Tuberculosis Programs: Standards to Facilitate Sharing and Use of Surveillance Data for Public Health Action. 2011a. http://www
.cdc.gov/hiv/resources/guidelines/security_confidentiality_hiv.htm?source=govdelivery (accessed March 7, 2012) - CDC. HIV Surveillance Report. Diagnoses of HIV Infection and AIDS in the United States and Dependent Areas, 2009. 2011b. http://www
.cdc.gov/hiv /surveillance/resources /reports/2009report /pdf/2009SurveillanceReport.pdf (accessed March 7, 2012) - CMS (Centers for Medicare & Medicaid Services). Overview: EHR Incentive Program. 2012. https://www
.cms.gov/EHRIncentivePrograms/(accessed March 7, 2012) - Crystal S., Akincigil A., Bilder S., Walkup J. T. Studying prescription drug use and outcomes with Medicaid claims data: Strengths, limitations, and strategies. Medical Care. 2007;45((10 Suppl)):S58–S65. [PMC free article: PMC2486436] [PubMed: 17909385]
- CSTE (Council of State and Territorial Epidemiologists). National Assessment of HIV/AIDS Surveillance Capacity. Jun, 2009. http://www
.cste.org/dnn /Portals/0/HIV%20Capacity %20Assessment%20Report.pdf (accessed March 7, 2012) - CSTE. State Reportable Conditions Assessment. 2011. http://www
.cste.org/dnn /ProgramsandActivities /PublicHealthInformatics /StateReportableConditionsQueryResults /tabid/261/Default.aspx (accessed March 7, 2012) - Cunningham P. J., O’Malley A. S. Do reimbursement delays discourage Medicaid participation by physicians? Health Affairs. 2009;28((1)):w17–w28. [PubMed: 19017679]
- Doyle T. J., Glynn M. K., Groseclose S. L. Completeness of notifiable infectious disease reporting in the United States: An analytical literature review. American Journal of Epidemiology. 2002;155:866–874. [PubMed: 11978592]
- Fenner J. J. Mum’s the Word: Mental Health and Substance Abuse Treatment Information and Other Specialized Medical Records Issues. 2009. http://lldlaw
.com/LinkClick .aspx?fileticket=NWJe5Zv78bE %3d&tabid=81 (accessed March 7, 2012) - Fiellin D. A. Substance use disorders in HIV-infected patients: Impact and new treatment strategies. Topics in HIV Medicine. 2004;12(3):77–82. [PubMed: 15310938]
- Fleming N. S., Culler S. D., McCorkle R., Becker E. R., Ballard D. J. The financial and nonfinancial costs of implementing electronic health records in primary care practices. Health Affairs. 2011;30(3):481–489. [PubMed: 21383367]
- Gostin L. O. Surveillance and Public Health Research: Privacy and the “Right to Know.” In: Gostin L.O., editor. Public Health Law and Ethics: A Reader. Berkeley, CA: University of California Press; 2002. p. 295.
- Gostin L. O., Nass S. Reforming the HIPAA Privacy Rule: Safeguarding privacy and promoting research. Journal of the American Medical Association. 2009;301(13):1373–1375. [PubMed: 19336713]
- Greenberg A. E., Hindin R., Nicholas A. G., Bryan E. L., Thomas P. A. The completeness of AIDS case reporting in New York City. Journal of the American Medical Association. 1993;269:2995–3001. [PubMed: 8501841]
- Hall H. I., Song R., Gerstle J. E., Lee L. M. Assessing the completeness of reporting of human immunodeficiency virus diagnoses in 2002-2003: Capture-recapture methods. American Journal of Epidemiology. 2006;164:391–397. [PubMed: 16772373]
- Hasnian-Wynia R., VanDyke K., Youdelman M., Krautkramer C., Ivey S. L., Gilchick R., Kaleba E., Wynia M. K. Barriers to collecting patient race, ethnicity, and primary language data in physician practices: An exploratory study. Journal of the National Medical Association. 2010;102(9):769–775. [PubMed: 20922920]
- HHS (Department of Health and Human Services). Summary of the HIPAA Privacy Rule. 2003. http://www
.hhs.gov/ocr /privacy/hipaa/understanding /summary/privacysummary.pdf (accessed March 7, 2012) - HHS. The National Alliance for Health Information Technology Report to the Office of the National Coordinator for Health Information Technology on Defining Key Health Information Technology Terms. 2008. http://cdm266901
.cdmhost .com/cdm/singleitem /collection/p266901coll4 /id/2086/rec/8 (accessed March 7, 2012) - HHS. Workshop on the HIPAA Privacy Rule’s De-Identification Standard. 2010. http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/De-identification/deidentification workshop2010.html (accessed May 29, 2012)
- HHS. Review Reporting and Recordkeeping Requirements to Reduce Burdens. May 31, 2011. http://www
.hhs.gov/open /recordsandreports /execorders/13563/draft /candidates/5a2-review.html (accessed March 7, 2012) - Hicks J. The potential of claims data to support the measurement of health care quality. 2003. http://www
.rand.org/pubs /rgs_dissertations/RGSD171.html (accessed March 7, 2012) - Hodge J. G., Kaufman T., Jaques C. Legal Issues Concerning Identifiable Health Data Sharing Between State and Local Public Heath Authorities and Tribal Epidemiology Centers in Selected U.S. Jurisdictions. 2011. http://www
.cste.org/webpdfs /LegalIssuesConcerningIdentifiableHealthDataSharingBetweenStateLocalPublicHealthAuthoritiesandTribalEpidemiologyCentersinSelectedUSJurisdictionsFINAL.pdf (accessed March 7, 2012) - Houser S. H., Houser H. W., Shewchuk R. M. Assessing the effects of the HIPAA Privacy Rule on release of patient information by healthcare facilities. Perspectives in Health Information Management. 2007;4(1):1–11. [PMC free article: PMC2082070] [PubMed: 18066351]
- HRSA (Health Resources and Services Administration). Using Data to Measure Public Health Performance: A Guide for Ryan White HIV/AIDS Program Grantees. 2010. http://hab
.hrsa.gov/manageyourgrant /files/datatomeasure2010 .pdf (accessed March 7, 2012) - IOM (Institute of Medicine). Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research. Washington, DC: The National Academies Press; 2009. [PubMed: 20662116]
- Jara M. M., Gallagher K. M., Schieman S. Estimation of completeness of AIDS case reporting in Massachusetts. Epidemiology. 2000;11:209–213. [PubMed: 11021621]
- Johnston D., Pan E., Walker J., Bates D.W., Middleton B. The Value of Computerized Provider Order Entry in Ambulatory Settings. Center for Information Technology Leadership. 2003. www
.partners.org/cird /pdfs/CITL_ACPOE_Full.pdf (accessed March 7, 2012) - Joines W., Menges J., Tracey J. The Lewin Group. 2007. Programmatic Assessment of Carve-In and Carve Out Arrangements for Medicaid Prescription Drugs. http://www
.lewin.com /~/media/lewin/site_sections /publications /assessmentcarveincarveout.pdf (accessed March 7, 2012) - Kates J. Medicaid and HIV: A National Analysis; Oct, 2011. http://www
.kff.org/hivaids/upload/8218 .pdf (accessed March 7, 2012) - Kautz C., Mauch D., Smith S. A. Reimbursement of Mental Health Services in Primary Care Settings. Rockville, MD: Center for Mental Health Services, Substance Abuse and Mental Health Services Administration; 2008. (HHS Pub. No. SMA-08-4324)
- Kempf M. C., McLeod J., Boehme A. K., Walcott M. W., Wright L., Seal P., Norton W. E., Schumacher J. E., Mugavero M., Moneyham L. A qualitative study of the barriers and facilitators to retention-in-care among HIV-positive women in the rural southeastern United States: Implications for targeted interventions. AIDS Patient Care and STDS. 2010;24(8):515–520. [PubMed: 20672971]
- KFF (Kaiser Family Foundation). HIV/AIDS Policy Issue Brief. 2004. Financing HIV/AIDS care: A quilt with many holes. Publication 1607-02.
- KFF. Overview: Assessing the Patchwork of Care and Service for People Living with HIV/AIDS in the U.S; Washington, DC: Jun 21, 2010.
- KFF. HIV/AIDS Policy Fact Sheet. 2011. HIV testing in the United States. Publication 6094-11.
- Lardiere M. R. A National Survey of Health Information Technology Adoption in Federally Qualified Health Centers; 2009. http://www
.nachc.org /client/NACHC%202008 %20HIT%20Survey%20Analysis _FINAL_6_9_091.pdf (accessed March 7, 2012) - Lazarus R., Klompas M., Campion F. X. S., McNabb J.N., Hou X., Daniel J., Haney G., Demaria A., Lenert L., Platt R. Electronic support for public health: Validated case finding and reporting for notifiable diseases using electronic medical data. Journal of the American Medical Informatics Association. 2009;16:18–24. [PMC free article: PMC2605594] [PubMed: 18952940]
- Linet M. American College of Epidemiology (ACE) Testimony on Impact of HIPAA on Research. 2003. http://www
.ncvhs.hhs.gov/031120p3.htm (accessed March 7, 2012) - Markovitz A. R., Thibault C. S., Brandauer P. W., Buskin S. E. Primary antiretroviral drug resistance in newly human immunodeficiency virus-diagnosed individuals tested anonymously and confidentially. Microbial Drug Resistance. 2011;17(2):283–289. [PubMed: 21381964]
- NASTAD (National Alliance of State and Territorial AIDS Directors). The Role of State Health Departments in Administering Federal HIV/AIDS Programs. 2007. http://www
.nastad.org /Docs/highlight/200759_Role %20of%20States.pdf (accessed March 7, 2012) - NASTAD. 2010 State General Revenue Cuts in HIV/AIDS, STD and Viral Hepatitis Programs. 2010. http://www
.nastad.org /Docs/Public/InFocus /2011223_State%20Budget %20Cuts%202010%20FINAL.pdf (accessed March 7, 2012) - NASTAD. U.S. State Health Department HIV/AIDS, Viral Hepatitis, and STD Federal Program Reporting Requirements. 2011. http://www
.nastad.org /Docs/034156_Federal %20Reporting%20Requirements %20-%20June%202011%20update.pdf (accessed March 7, 2012) - NASTAD. Draft recommendations for streamlining reporting requirements; Feb 16, 2012.
- Ness R. B. Influence of the HIPAA Privacy Rule on research. Journal of the American Medical Association. 2007;298(18):2164–2170. [PubMed: 18000200]
- OCR (Office of Civil Rights). Health Information Privacy. 2003. http://www
.hhs.gov/ocr /privacy/hipaa/understanding /special/research/index.html (accessed March 7, 2012) - Overhage J. M., Grannis S., McDonald C. J. A comparison of the completeness and timeliness of automated electronic reporting and spontaneous reporting of notifiable conditions. American Journal of Public Health. 2008;98(2):344–350. [PMC free article: PMC2376898] [PubMed: 18172157]
- PACHA (Presidential Advisory Council on HIV/AIDS). Letter to President and HHS Secretary Kathleen Sebelius. Aug 8, 2011. http://aids
.gov/federal-resources /policies /pacha/meetings/august-2011 /august-2011-pacha-letter.pdf (accessed March 7, 2012) - PCAST (President’s Council of Advisors on Science and Technology). Report to the President: Realizing the Full Potential of Health Information Technology to Improve Healthcare: The Path Forward. Washington, DC: Dec, 2010.
- PHDSC (Public Health Data Standards Consortium). Health Information Privacy in State Public Health Agencies. A Review of Past, Present, and Future Privacy-Related Issues and Priorities Affecting Public Health Practice. 2008. http://www.phdsc.org/privacy_security/pdfs/PHDSC%20Best%20Priv%20Pract%20Proj%20-%20FULL%20 REPORT%20-%20FINAL%20-%201-15-09.pdf (accessed March 7, 2012)
- Pritts J., Lewis S., Jacobson R., Lucia K., Kayne K. Privacy and Security Solutions for Interoperable Health Exchange: Releasing Clinical Laboratory Test Results: Report on Survey of State Laws. 2009a. http://library
.ahima .org/xpedio/groups/public /documents/government/bok1_046379 .pdf (accessed March 7, 2012) - Pritts J., Lewis S., Jacobson R., Lucia K., Kayne K. Privacy and Security Solutions for Interoperable Health Exchange: Report on State Law Requirements for Patient Permission to Disclose Health Information. 2009b.
- Purington K., Alfreds S. T., Pritts J., Buxbaum J. Electronic Release of Clinical Laboratory Results: A Review of State and Federal Policy. 2010. http://www
.nashp.org /sites/default/files /ElectronicLabResultsExchangePolicy.pdf (accessed March 7, 2012) - Rao S. R., DesRoches C. M., Donelan K., Campbell E. G., Miralles P. D., Jha A. K. Electronic health records in small physician practices: Availability, use, and perceived benefits. Journal of the American Medical Informatics Association. 2011;18:271–275. [PMC free article: PMC3078653] [PubMed: 21486885]
- Reardon J., Davidson E. An organizational learning perspective on the assimilation of electronic health records among small physician practices. European Journal of Information Systems. 2007;16:681–694.
- Rosenbaum S., Abramson S., MacTaggart P. Health information law in the context of minors. Pediatrics. 2009;123((Suppl 2)):S116–S121. [PubMed: 19088227]
- Rosenblum L., Buehler J. W., Morgan M. W., Costa S., Hidalgo J., Holmes R., Lieb L., Shields A., Whyte B. M. The completeness of AIDS case reporting, 1988: A multisite collaborative surveillance project. American Journal of Public Health. 1992;82:1495–1499. [PMC free article: PMC1694633] [PubMed: 1443299]
- SAMHSA (Substance Abuse and Mental Health Services Administration). Confidentiality of Patient Records for Alcohol and Other Drug Treatment. 2004. Technical Assistance Publication (TAP) Series 13. http://kap
.samhsa.gov /products/manuals/taps/13b.htm (accessed March 7, 2012) - SAMHSA. Frequently Asked Questions: Applying the Substance Abuse Confidentiality Regulations to Health Information Exchange. 2010. http://www
.samhsa.gov /healthPrivacy/docs/EHR-FAQs.pdf (accessed March 7, 2012) - Schwarcz S. K., Hsu L. C., Parisi M. K., Katz M. H. The impact of the 1999 AIDS case definition on the completeness and timeliness of AIDS surveillance. AIDS. 1999;13(9):1109–1114. [PubMed: 10397542]
- Sittig D. F., Singh H. Legal, ethical, and financial dilemmas in electronic health record adoption and use. Pediatrics. 2011;127((4)):e1042–e1047. [PMC free article: PMC3065078] [PubMed: 21422090]
- Stoto M. A. Public health surveillance in the twenty-first century: Achieving population health goals while protecting individuals’ privacy and confidentiality. The Georgetown Law Journal. 2008;96:703–719.
- Turnberg W., Daniell W., Duchin J. Notifiable infectious disease reporting awareness among physicians and registered nurses in primary care and emergency department practices. American Journal of Infection Control. 2010;38(5):410–412. [PubMed: 20031271]
- Valdiserri R., Forsyth A. DHHS/OHAP Consultation on HIV/AIDS Core Indicators, Data Streamlining, and Federal Reporting Requirements. Washington, DC: Sep 19, 2011.
- Whetten-Goldstein K., Nguyen T. Q., Sugarman J. So much for keeping secrets: The importance of considering patients’ perspectives on maintaining confidentiality. AIDS Care. 2001;13(4):457–465. [PubMed: 11454266]
- Wilson A. Houston Journal of Health Law and Policy. 2009. Missing the mark: The public health exception to the HIPAA Privacy Rule and its impact on surveillance activity; pp. 131–156.
Footnotes
- 1
In FY 2007, 71 percent of Medicaid enrollees with HIV had some of their care paid for through Medicaid managed care (Kates, 2011).
- 2
The Lewin Group performed an assessment of carve-out and carve-in arrangements for pharmacy benefits within Medicaid MCOs (Joines et al., 2007). Among the advantages to MCOs with carve-in arrangements were that providers were more likely to have real-time access to pharmaceutical data to help prevent potential drug interactions and polypharmacy (unwanted duplication of drugs), identify inappropriate use of drugs, monitor controlled substance usage, and other interventions. Some representatives of carve-out MCOs reported that they do not always have access to real-time claims data to determine what medications patients are taking. The report noted the importance of data system integration to ensure real-time transfer of pharmaceutical information, both for MCOs that carve their pharmaceutical services out to other entities and for carve-in MCOs who may contract with a pharmacy benefits management group to manage pharmacy benefits (Joines et al., 2007).
- 3
Surveys of physicians show that there is substantial administrative burden associated with reimbursement processes under Medicaid and Medicare (AMA, 2010; Cunningham and O’Malley, 2009). This administrative burden includes payment delays, rejection of claims because a billing form was completed incorrectly or the physician was not able to verify a patient’s eligiblity, and complex rules and regulations on how claims are to be filed (Cunningham and O’Malley, 2009).
- 4
An electronic health record (EHR) is an electronic record of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be created, managed, and consulted by authorized clinicians and staff across more than one health care organization (HHS, 2008).
- 5
Under a Medicare EHR incentive program, eligible health professionals can receive as much as $44,000 over a 5-year period. Incentive payments for hospitals and critical access hospitals (CAHs) are based on a number of factors and begin with a $2-million base payment. Under a Medicaid EHR incentive program, eligible health professionals can receive up to $63,750 over 6 years. As under the Medicare program, incentive payments for hospitals and CAHs under the Medicaid program are based on a number of factors and begin with a $2-million base payment (CMS, 2012).
- 6
In addition, in a 2007 survey of HIV/AIDS surveillance capacity in health departments, only 20 percent of health departments responded that it is permissible in their jurisdiction for a provider or laboratory to report a new HIV or AIDS case without a name or other personal identifier (CSTE, 2009).
- 7
The CDC issued guidance on standards for data security, confidentiality, and use across surveillance and program areas for HIV, viral hepatitis, STD, and TB prevention in state and local health jurisdictions in December 2011 (CDC, 2011a).
- 8
In addition, many health departments currently face staff challenges that affect reporting capacity. Budget cuts in many states’ HIV/AIDS and other infectious disease programs in health departments have resulted in hiring freezes and the elimination of staff positions, resulting in less capacity for the completion of the required reports (NASTAD, 2010).
- 9
Many PLWHA migrate to different jurisdictions following an HIV diagnosis. One study of migration patterns after HIV diagnosis among 760 HIV-infected adults residing in the southern United States found that 226 (30 percent) moved after testing HIV positive (Agee et al., 2006). In another study involving a national probability sample of 3,014 PLWHA, 17 percent of respondents made a move to a different state or noncontiguous county following an HIV diagnosis. These findings suggested that PLWHA are more likely to move than non-infected persons in the general population and are almost twice as likely to move out of state (Berk et al., 2003). Reasons for moving, especially for PLWHA in small or rural communities, may be to gain access to better HIV medical care, to obtain financial assistance, or due to fear of stigma and confidentiality issues (Agee et al., 2006; Berk et al., 2003).
- 10
The full list of PHI includes the following: names; postal address information, other than town or city, state and zip code; telephone numbers; fax numbers; electronic mail addresses; Social Security numbers; medical record numbers; health plan beneficiary numbers; account numbers; certificate or license numbers; vehicle identifiers and serial numbers, including license plate numbers; device identifiers and serial numbers; web Universal Resource Locators (URLs); Internet Protocol (IP) address numbers; biometric identifiers, including finger- and voiceprints; and full face photographic images and any comparable images. 45 CFR
164.514(e)(2) (HHS, 2003).- 11
These transactions include claims, benefit eligibility inquiries, referral authorization requests, or other transactions for which HHS has established standards under the HIPAA Transactions Rule (HHS, 2003).
- 12
“Public health authorities” are “legally authorized to collect or receive the information for purposes of preventing or controlling disease, injury, or disability.” They include any “entity working under a grant of authority from a public health authority, or when directed by a public health authority, to a foreign government agency that is acting in collaboration with a public health authority” (CDC, 2003).
- 13
A data use agreement establishes the permitted uses and disclosures of such information by the recipient, consistent with the purposes of research, public health, or health care operations; limits who can use or receive the data; and requires the recipient to agree not to reidentify the data or contact the individuals. The agreement must contain assurances that the recipient will use appropriate safeguards to prevent use or disclosure of the data other than as permitted by HIPAA and the data use agreement, or as required by law (OCR, 2003).
- 14
The Privacy Rule designates two ways in which a covered entity can determine that health information is de-identified. Under the “Safe Harbor” approach, a covered entity may consider data to be de-identified if that entity removes identifiers and has no reason to believe that the remaining information could be used to identify a person. Alternatively, a covered entity may consider data to be de-identified if “a qualified statistical or scientific expert concludes, through the use of accepted analytic techniques, that the risk the information could be used alone or in combination with other reasonably available information, to identify the subject is very small” (HHS, 2010).
- 15
Where data are released for public health activities, HIPAA-covered entities are required to make a listing of all disclosures of an individual’s protected health information made by the covered entity or its business associates for up to 6 years preceding the request (HHS, 2003).
- 16
“Records” refer to “any information, whether recorded or not, relating to a patient received or acquired by a federally assisted alcohol or drug program” (SAMHSA, 2004).
- 17
Broadly defined, “federally assisted” programs are those that receive direct federal funding, but also have a tax-exempt status from the Internal Revenue Service (White and Daniel, 2009). For-profit drug and alcohol treatment programs and private practitioners who do not receive federal assistance are not subject to the requirements of Part 2, unless state law requires them to comply with Part 2 (SAMHSA, 2004, 2010).
- 18
This may include name, address information, Social Security number, fingerprint, photograph, or similar information by which the identity of a patient can be determined with reasonable accuracy and speed either directly or by reference or through verification with another party (42 CFR 2.11).
- 19
A qualified service organization provides services to a Part 2 program, such as data processing, bill collecting, dosage preparation, laboratory analyses, or legal, medical, accounting or other professional services, and has entered into a written agreement with a program under which that person acknowledges that in receiving, storing, processing or otherwise dealing with any patient records from the programs, it is fully bound by these regulations (SAMHSA, 2010).
- 20
States expressly prohibiting redisclosure of HIV-related information were Arizona, California, Connecticut, Delaware, Florida, Hawaii, Maine, New Mexico, New York, Ohio, Oregon, Pennsylvania, Washington, West Virginia, and Wisconsin.
- 21
At the federal level, mental health treatment information is protected under the HIPAA Privacy Rule, which addresses all types of health care information.
- 22
As of 2008, about half of the states had laws that expressly allowed or required clinical laboratories to release test results to authorized providers who requested the test. In some of these states, test results may be released only to the person who ordered the test; in other states, the law enumerates the health care providers who are authorized to order tests and receive results (Pritts et al., 2009a).
- 23
Where state law does not specify who is authorized to receive test results, clinical laboratories may send results only to persons who ordered the test or who are responsible for using the test (Pritts et al., 2009a).
- Barriers to the Collection of HIV Care Data - Monitoring HIV Care in the United ...Barriers to the Collection of HIV Care Data - Monitoring HIV Care in the United States
Your browsing activity is empty.
Activity recording is turned off.
See more...