Advise
"Dear Risk Manager..."
Dear Licensed Risk Manager,
Are there JCAHO and other accrediting agencies considered health oversight agencies such that we can disclose information to them without authorization?
Signed, administrator
Dear Administrator,
No, The definition of health oversight agency does not include private organizations, such as private-sector accrediting groups.
Accreditation organizations perform healthcare operations functions on behalf of health plans and covered providers. Accordingly, to obtain PHI without individuals' authorizations, accrediting groups must enter into business associate agreements with health plans and covered providers.
Similarly, private entities (e.g., coding committees) that help government agencies make coding and payment decisions perform healthcare payment functions on behalf of those government agencies. Therefore, they must also enter into business associate agreements to receive PHI from the covered entity.
Editor's note: Attorneys from Bricker and Eckler LLP answered this question. For more information, go to Section 164.501 Definitions: Health Oversight Agency.
Benedict and Associates, Inc. - The Risk Management Professionals