The EHR Association fired back at a Health Affairs blog post suggesting federal agencies use HIPAA regulations to crack down on information blocking.
The blog post, written by Lucia Savage, chief privacy and regulatory officer at Omada Health, noted HIPAA prohibits business associates — such as EHR developers — from using protected health information for their own business operations.
According to Ms. Savage, an understanding of HIPAA would help agencies like HHS' Office of Inspector General strengthen its position on interoperability. "The OIG should make clear that the protected health information in the custody of the EHR developers is not theirs to monetize," she wrote.
However, the organization of EHR developers asserted strides toward information sharing would be more viable in a system that clarifies regulations, rather than one that adds penalties.
"Layering on additional theories aimed at providers and developers wrapped in HIPAA adds little and unproductively makes the focus of interoperability one of compliance rather than meeting the real data-sharing needs of providers and their patients, a task to which our members are committed," the EHR Association executive committee wrote.
The EHR Association went on to say Ms. Savage's post makes "inflammatory and inaccurate assertions about EHR vendors" and that "it is inconceivable to us that a vendor would not 'allow' sharing of data with a registry just because it is not a customer."