Certain types of PHI, with special or non-standard privacy requirements, must be restricted from “leaving” OpenEMR, in printable, downloadable, or electronic transmission of PHI.
Similar to how the conditions to be reported for Electronic Syndromic Surveillance are determined at the state level, the set of Restricted PHI can vary at the state level.
An example set of restricted PHI is:
HIV/AIDS
Mental Health
Substance Abuse/Dependency
Domestic/Sexual Abuse
Abortion
Genetic Information
PHI of minors
Are there any other types of PHI that might be restricted?
How should OpenEMR implement a system to restrict reporting of a PHI, the set of which can vary by state? Should a flag system be implemented, that reporting code like createCCR.php will check, to prevent restricted PHI from appearing in reports?
Through the HIPAA-Deidentification feature, we’ve provided an algorithm/interface to obtain the Limited Data set or De-identified data that HIPAA is recommending from the existing PHI.
We believe Restricted PHI is different from that. Which MUO does this belong to?
This is not associated with stage 1 meaningful use, which does not address electronic transmission of PHI. Electronic transmission of some PHI types is restricted at the federal level (behavior health) and others at the state level (NJ - sexually transmitted disease). In addition to the capability of total restriction of electronic transmission of PHI via the “opt-in/out” field recently established in OpenEMR via MUO #8, I need a general purpose capability to flag certain coded values to inhibit electronic transmission, or if not coded, some other way to prevent electronic transmission of such restricted PHI.
We can store the details of PHI which needs to be prohibited in a separate table.
Whenever we are transferring the PHI, we can have a common function which checks whether the transferred PHI is not a prohibited one by comparing with the database. If the PHI is of prohibited type, then that can be displayed with “XXXXX” kind of stuff…
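
The table-plus-common-function design proposed above, as an added sketch that is not part of the thread or of OpenEMR's code. The table `restricted_phi`, its columns, both function names and the sample rows are hypothetical, and an in-memory SQLite database stands in for OpenEMR's own. Masking the code along with the text, and withholding uncoded entries because they cannot be matched against the table, are assumptions of this sketch.

```php
<?php
// Added sketch, not OpenEMR code; table, column and function names are hypothetical.
// In-memory SQLite stands in for the OpenEMR database so the sketch runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE restricted_phi (state TEXT NOT NULL,
    code_type TEXT NOT NULL, code_prefix TEXT NOT NULL, category TEXT NOT NULL)');
// Constructed sample rows ("US" = applies in every state); not a statement of any law.
$rows = [['US', 'ICD9', '304', 'Substance Abuse/Dependency'],
         ['NJ', 'ICD9', '042', 'HIV/AIDS']];
$ins = $db->prepare('INSERT INTO restricted_phi VALUES (?, ?, ?, ?)');
foreach ($rows as $r) { $ins->execute($r); }

/** Returns the restricted category for an entry, or null if it may be sent. */
function restrictedCategory(PDO $db, string $state, array $entry): ?string
{
    // Uncoded entries cannot be matched against the table: fail closed.
    if (empty($entry['code']) || empty($entry['code_type'])) {
        return 'Uncoded';
    }
    $q = $db->prepare("SELECT category FROM restricted_phi
        WHERE state IN ('US', ?) AND code_type = ?
          AND ? LIKE code_prefix || '%' LIMIT 1");
    $q->execute([$state, $entry['code_type'], $entry['code']]);
    $cat = $q->fetchColumn();
    return $cat === false ? null : $cat;
}

/** Common function every outbound path calls before PHI leaves the system. */
function filterOutbound(PDO $db, string $state, array $entries): array
{
    foreach ($entries as &$e) {
        if (restrictedCategory($db, $state, $e) !== null) {
            // Mask the code with the text; the code alone discloses the condition.
            $e['title'] = 'XXXXX';
            $e['code'] = 'XXXXX';
        }
    }
    unset($e);
    return $entries;
}

// Constructed problem list for one patient.
$problems = [
    ['title' => 'Essential hypertension', 'code_type' => 'ICD9', 'code' => '401.9'],
    ['title' => 'HIV disease', 'code_type' => 'ICD9', 'code' => '042'],
    ['title' => 'Free-text note', 'code_type' => '', 'code' => ''],
];
print_r(filterOutbound($db, 'NJ', $problems));
```

Because the state is a lookup key rather than a branch in the code, the restricted set can change per state without touching the report, print or download paths that call the filter.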