Registries for Evaluating Patient Outcomes User ’ s Guide

1. Registries for Evaluating Patient Outcomes User’s Guide Beyond the Patient – Protection of Registry Data from Litigation and other Confidentiality Concerns For Providers, Manufacturers, and Health Plans Jane Hyatt Thorpe, JD

2. Protection of Registry Data • Growing use of registries • Support health information collection, access, research, quality measurement and improvement initiatives, safety initiatives, etc. • Public (federal and state) and private payors, professional associations, public health • Content may include private/confidential and/or proprietary information • Considerable attention to protecting privacy and confidentiality of individually identifiable health information about patients (e.g., HIPAA) • Less attention to privacy/confidentiality concerns of sources or other subjects of registries - providers, manufacturers, and health plans

3. Sources of Protection • Federal Laws and Regulations • AHRQ Confidentiality Statute • Patient Safety and Quality Improvement Act of 2005 • Quality Improvement Organization Statute and Regulations • HHS Certificate of Confidentiality • HIPAA Privacy Rule • Privacy Act of 1974 • Freedom of Information Act • Federal Trade Secrets Act • Federal Rules of Evidence and Civil Procedure • Patient Protection and Affordable Care Act

4. Sources of Protection, cont’d • State Laws and Regulations • Safe Harbor Laws • Peer Review Laws

5. Lots of Sources, But Very Narrow • No consistent or comprehensive protection • Available protections apply to very narrow set of activities • “Chilling effect” on registry development • Federal legislation? A delicate balance. • What type of data should be protected? • What types of registry activities should be protected? • What types of legal actions may require release of registry data?