Q&A: Sharing health information across state lines
Q: Does the HIPAA Privacy Rule prevent the sharing of electronic health information across states or jurisdictions?
A: No. There may be state privacy laws in place that require you to obtain an authorization before sending the data across state lines. This could apply to PHI related to mental health or HIV/AIDS. If you are contracting with a BA outside your state or jurisdiction, or even outside the U.S., data sharing is permissible as long as a valid BAA has been executed. HIPAA is not a barrier to interstate or intercountry transfer of PHI.
Editor’s note: Chris Apgar is president of Apgar & Associates, LLC, in Portland, Oregon. He is also a BOH editorial advisory board member. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are those of the author and do not represent HCPro or ACDIS.