Corporate Compliance

Q. Are the JCAHO and other accrediting agencies considered health oversight agencies such that we can disclose information to them without authorization?

Compliance Monitor, May 13, 2005

Q. Are the JCAHO and other accrediting agencies considered health oversight agencies such that we can disclose information to them without authorization?

A: No. The definition of health oversight agency does not include private organizations, such as private-sector accrediting groups.

Accreditation organizations perform healthcare operations functions on behalf of health plans and covered providers. Accordingly, to obtain PHI without individuals' authorizations, accrediting groups must enter into business associate agreements with health plans and covered providers.

Similarly, private entities (e.g., coding committees) that help government agencies make coding and payment decisions perform healthcare payment functions on behalf those government agencies. Therefore, they must also enter into business associate agreements to receive PHI from the covered entity.

Editor's note: Attorneys from Bricker and Eckler LLP answered this question. For more information, go to Section 164.501 Definitions: Health Oversight Agency.

Most Popular