Where We Stand:
The Academy of Managed Care Pharmacy (AMCP) supports protection of patient confidentiality and endorses the responsible use of patient identifiable medical and prescription drug information by authorized pharmacists, physicians, and other health care professionals.
Patients must be assured that their personal, private medical information will not be seen by anyone who does not have a legitimate reason to view the data.
The enactment by Congress of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) established standards and requirements for the use and disclosure of patient “personal health information” (PHI) and gives patients’ rights with respect to their medical records. AMCP supports the HIPAA standards that restrict the unauthorized use and disclosure of individually identifiable health information, but which permit an exception with respect to those instances where the information is related to treatment, payment and health operations. HIPAA standards are applicable to electronic health care transactions and require compliance by “covered entities” which are defined as health plans, health care clearinghouses that process health care information, and providers of health care services. For purposes of this position statement, “health organization” would include both health plans and health care clearinghouses.
AMCP believes that regulatory implementation of HIPAA as well as state patient confidentiality laws pertaining to the use of patient identifiable information must be carefully considered so that they will not hinder the effective delivery and administration of pharmacy benefits. There is a need to balance requirements with appropriate and workable rules regarding information use in the health care system. Most importantly, implementation of these laws should not disrupt or impede the timely delivery of health care to patients. In addition, confidentiality requirements must not impose unnecessary administrative burdens on patients, health organizations, or providers of care. AMCP opposes imposition of regulatory restrictions that would restrict oral, electronic and written communications intended to provide necessary and important information between and among health organizations, providers of care, and patients.
Health plans, providers, and pharmacy benefit managers have long recognized the importance of maintaining the confidentiality of patient identifiable medical information. For this reason, health organizations use patient identifiable information only when it is essential to assure safe, accurate and efficient delivery and coordination of health care services. When patient identifiable information is not necessary for the administration of a health benefit, health organizations have developed methods to separate the identity of the patients from their medical information.
Managed care pharmacists rely on patient identifiable information to protect the patient against inappropriate medication uses, such as combinations of medications that may result in dangerous interactions, drugs to which a patient may be allergic, or drugs that may be contraindicated in the presence of certain illnesses or pregnancy. This review process is not always apparent to the patient. Legislation and regulations intended to protect patients from the inappropriate disclosure of their medical information must not hinder the systems that are designed to protect their health and welfare.
There are other important uses of patient identifiable medical and pharmacy information that make access to it essential to providing effective health care. Examples include measuring quality of health care, assessing patient satisfaction, preventing fraud and abuse, and coordinating payment for health care services. These uses are essential to the effective administration of the pharmacy benefit.
Quality measurements aid in holding health plans accountable and ensure cost‐effective, improved patient care. Such programs1 must start with individual level patient data in guiding the plans in improving overall delivery of care. Patient identifiable information is also used as the basis for constructive feedback to the patient’s physician on how he or she is treating the patient.
AMCP believes that disclosure of patient identifiable information, aside from the purposes described above, should only be permitted when the patient agrees to the disclosure.
It is important to note that there are valid uses of medical and pharmacy information in which patient identification is not necessary. Examples include epidemiological or community based research, reporting of quality performance to regulatory agencies and accrediting organizations like JCAHO and NCQA, and reporting drug use patterns for financial rebate purposes. In these instances, AMCP believes it is essential that patient names, addresses, or other unique identifiers be stripped from the data.
AMCP Where We Stand series: https://www.amcp.org/policy-advocacy/policy-advocacy-focus-areas/where-we-stand-position-statements
Reapproved by the AMCP Board of Directors, July 2016
1 Quality measurement programs most commonly used include the Health Plan Employer Data and Information Set (HEDIS) and standards for accreditation of health plans issued by the Joint Commission on Accreditation of Healthcare Organizations (JCAHO) and the National Committee for Quality Assurance (NCQA).