The IRS recently issued a Q&A document clarifying a handful of questions raised by the memorandum on the EHR safe harbors issued last month.
One of the Q&A’s seems to represent significant backpedaling by the IRS from its earlier guidance, which said docs had to provide hospitals access to PHI except as prohibited by law. Now the IRS recognizes that the physician may have contractual obligations to patients and that the hospital and physician may negotiate terms and conditions of access. It’s the fifth of six points set forth in the latest guidance:
Q5 — What type of restrictions, if any, may a medical staff physician impose on the hospital’s access to electronic medical records created by the physician using the Health IT Items and Services subsidized by the hospital?
A5 – A physician may deny a hospital access to such records if that access would violate federal and state privacy laws or the physician’s contractual obligations to patients. Also, the hospital and physician may agree on reasonable conditions to the hospital’s access. For example, their agreement could allow the hospital to access a patient’s medical records only when that patient becomes a patient of the hospital, and could deny the hospital access to nonmedical information such as billing, insurance eligibility, and referral information.
Works for me.