FAQs Categories

Authorizations (30)
Business Associates (42)
Compliance Dates (2)
Covered Entities (14)
Decedents (8)
Disclosures for Law Enforcement Purposes (7)
Disclosures for Rule Enforcement (2)
Disclosures in Emergency Situations (2)
Disclosures Required by Law (6)
Disclosures to Family and Friends (28)
Disposal of Protected Health Information (6)
Facility Directories (7)
Family Medical History Information (3)
FERPA and HIPAA (10)
Group Health Plans (2)
Health Information Technology (36)
Incidental Uses and Disclosures (10)
Judicial and Administrative Proceedings (8)
Limited Data Set (5)
Marketing (18)
Marketing - Refill Reminders (16)
Mental Health (35)
Minimum Necessary (14)
Notice of Privacy Practice (20)
Personal Representatives and Minors (13)
Preemption of State Law (10)
Privacy Rule: General Topics (12)
Protected Health Information (2)
Public Health Uses and Disclosures (14)
Research Uses and Disclosures (20)
Right to Access and Research (59)
Right to an Accounting of Disclosures (8)
Right to File a Complaint (1)
Right to Request a Restriction (2)
Safeguards (13)
Security Rule (25)
Smaller Providers and Businesses (148)
Student Immunizations (8)
Transition Provisions (3)
Treatment, Payment, and Health Care Operations Disclosures (30)
Workers Compensation Disclosures (5)

May a health care provider disclose protected health information to a health plan for the plan's Health Plan Employer Data and Information Set (HEDIS)?

Answer:

Yes, the HIPAA Privacy Rule permits a provider to disclose protected health information to a health plan for the quality-related health care operations of the health plan, provided that the health plan has or had a relationship with the individual who is the subject of the information, and the protected health information requested pertains to the relationship. See 45 CFR 164.506(c)(4). Thus, a provider may disclose protected health information to a health plan for the plan’s Health Plan Employer Data and Information Set (HEDIS) purposes, so long as the period for which information is needed overlaps with the period for which the individual is or was enrolled in the health plan.

Date Created: 12/19/2002

Content created by Office for Civil Rights (OCR)
Content last reviewed on July 26, 2013

FAQs Categories

May a health care provider disclose protected health information to a health plan for the plan's Health Plan Employer Data and Information Set (HEDIS)?

Answer:

Connect With OCR

Office for Civil Rights Headquarters