Top Skip to main content
  1. Pings Support Center
  2. Managing Provider
  3. Community Privacy

Additional Health Plan and ACO Use Restrictions for Entities who Provide a Roster with Patients/Members with a Current Vermont Address

Updated at - Updated

Bamboo Health provides data, to certain customers, from Vermont’s only health information exchange, the Vermont Health Information Exchange (“VHIE”), which is operated by Vermont Information Technology Leaders (“VITL”). Vermont limits the secondary uses of data from the VHIE through VITL’s Policy on Secondary Use of Protected Health Information on the VHIE by Health Plans and Accountable Care Organizations (“Secondary Use Policy”). As part of obtaining information from the VHIE, Bamboo Health is required to ensure that Health Plan and Accountable Care Organization clients that receive information regarding Vermont patients/members agree to comply the Secondary Use Policy’s limitations on the use of data.

Definitions

Accountable Care Organization” (“ACO”) means a legal entity that is recognized and authorized under applicable state and federal law, is identified by a tax identification number, and is formed by one or more providers that agree to work together to be accountable for providing coordinated high quality care to patients as established and authorized by the applicable federal, state or private health plan program contracting with the ACO.

Vermont Data” means PHI contained in admission, transfer or discharge data originating from Vermont-based Health Network Entities through VITL.

Health Plan” means a group health plan, health insurance company, health maintenance organization, a government health program, employee health benefit plan or other third-party payer of health care as defined in the HIPAA Privacy Regulations, 45 CFR 160.103 and who qualify as a Covered Entity under 45 CFR 160.103.

Vermont Health Information Exchange”, or “VHIE,” means the Vermont Health Information Exchange, an integrated electronic health information infrastructure operated by VITL for, among other things, the sharing of Vermont Data, provided to Customer through the Bamboo Health Services.

Vermont HP/ACOs” means a Health Plan or ACO that has a patient/member with a current Vermont home address. 

VITL” means Vermont Information Technology Leaders, Inc.

Permitted Purposes

Vermont HP/ACOs shall only use the Vermont Data received through the Bamboo Health Services solely for the following treatment, payment, or health care operations purposes as defined by the Secondary Use Policy:

  • Treatment: means the definition assigned to it by the HIPAA Privacy and Security Regulations at 45 C.F.R. § 164.501, including
      • The provision, coordination, or management of health care and related services by one or more health care providers, including but not limited to, services for the diagnosis, prevention, cure or relief of a health care injury or disease.
      • The coordination or management of health care by a health care provider with a third party, consultation between health care providers relating to a patient, or the referral of a patient for health care from one health care provider to another.
  • Payment:
      • Activities within the definition of Payment in the HIPAA Privacy and Security Regulations at 45 C.F.R. § 164.501 including precertification and preauthorization of services.
      • Payment does not include the use of Vermont Data for post-payment audits of services rendered, or for any disclosures to consumer reporting agencies.
  • Health Care Operations means the definition assigned to it by the HIPAA Privacy and Security Regulations at 45 C.F.R. § 164.501 except that use of Vermont Data shall be limited to the following activities:
      • Quality assessment and improvement activities for outcomes evaluation and development of clinical guidelines (not research).
      • Patient safety activities.
      • Population-based activities relating to improving health or reducing health care costs.
      • Protocol development.
      • Case management and care coordination.

Vermont Data may not be used for Payment or Health Care Operations activities other than those listed above.

As described in the Secondary Use Policy, Vermont Data may not be used for certain activities that are included within HIPAA’s definition of Payment or Health Care Operations. Therefore, Vermont Data may not be used for the following activities that would be otherwise permitted by HIPAA:  

  • The review, evaluation, training, accreditation, credentialing, or certification of health care professionals and providers.
  • Underwriting, enrollment, premium rating, or other health insurance management activities.
  • Medical review, auditing, and fraud and abuse detection, and business planning, development, and management.

Popular articles

Didn’t find what you’re looking for?
We can help.

SUBMIT A TICKET