NRPM: Standards for Privacy of Individually Identifiable Health Information. a. Importance of oversight and need for protected health information.


Oversight activities are critical to support national priorities, including combating fraud in the health care industry, ensuring nondiscrimination, and improving the quality of care. The goals of public agencies' oversight activities are: to monitor the fiscal and programmatic integrity of health programs and of government benefit programs; to ensure that payments or other benefits of these programs are being provided properly; to safeguard health care quality; to monitor the safety and efficacy of medical products; and to ensure compliance with statutes, regulations, and other administrative requirements applicable to public programs and to health care delivery.

Oversight activities are a national priority in part because of the losses in the healthcare system due to error and abuse. For example, the HHS Office of Inspector General recently estimated losses due to improper Medicare benefit payments to be about seven percent. See "Improper Fiscal Year 1998 Medicare Fee-For Service-Payments," transmittal from Inspector General June Gibbs Brown to HCFA Administrator Nancy-Ann Min DeParle (February 9, 1999). Similarly, the final report of the President's Advisory Commission on Consumer Protection and Quality in the Health Care Industry concluded that "employing the extensive knowledge and expertise of organizations that oversee health care quality . . . is essential to quality improvement." (

There are certain oversight activities done as statistical inquiries that can be conducted without direct access to individually identifiable health information. However, many instances exist in which government oversight agencies, and private entities under contracting to act on their behalf, need to examine individually identifiable health information to conduct their investigations effectively. For example, to determine whether a hospital has engaged in fraudulent billing practices, it could be necessary to examine billing records for a set of individual cases. Billing abuses are detected by cross-checking the records of specific patients to see the medical documentation in support of a service. To determine whether a health plan is complying with federal or State health care quality standards, it may be necessary to examine individually identifiable health information . Other inquiries require review of individually identifiable health information to identify specific instances of the anomalies in treatment or billing patterns detected in statistical analysis. Even in most statistical inquiries of the type just described, in a paper environment particular patient charts must be examined, and the patient's name would be disclosed because it would be on each page of the chart.