Skip Navigation U.S. Department of Health and Human Services www.hhs.gov
Agency for Healthcare Research Quality www.ahrq.gov
AHRQ Home | Questions? | Contact Us | Site Map | What's New | Browse | Información en español | E-mail UpdatesE-mail Updates
www.ahrq.gov
""
MEPS Home Medical Expenditure Panel Survey
FAQ Contact MEPS Espanol Site Map
 
""
 

MEPS
Medical Expenditure Panel Survey

Pharmacy Participants’ Corner

Confidentiality/HIPAA

Confidentiality of MEPS Data

All information for MEPS is collected with assurances of confidentiality. Under the survey’s authorizing legislation, unauthorized disclosure of survey data is subject to substantial fines. The authorizing legislation stipulates that the collected data are to be used for research purposes only.

Section 913(a) of the Public Health Service Act (as amended in the Healthcare Research and Quality Act of 1999) mandates the data collection activity carried out as MEPS. The confidentiality of MEPS data is addressed in Section 924 (c) of the Act:

No information, if an establishment or person supplying the information or described in it is identifiable, obtained in the course of activities undertaken or supported under this title may be used for any purpose other than the purpose for which it was supplied unless such establishment or person has consented (as determined under regulations of the Director) to its use for such other purpose. Such information may not be published or released in other form if the person who supplied the information or who is described in it is identifiable unless such person has consented (as determined under regulations of the Director) to its publication or release in other form.

HIPAA Compliance

The Privacy Rule of The Health Insurance Portability and Accountability Act of 1996 establishes rules to protect individuals’ personal health information from inappropriate disclosure. The Act specifies circumstances under which health care providers (referred to as "covered entities" in the regulations) can release information that identifies patients and the care provided to them. Providers now routinely notify patients of their privacy practices and have their patients provide a written acknowledgement of their consent.

Although the Act specifies circumstances under which a covered entity may release personal health information (PHI) without the consent of the patient, MEPS contacts medical providers and pharmacies only for patients who have specifically consented to the release of their personal information. This consent is documented through the patient’s signature on the MEPS authorization form (PDF 202 KB, or HTM 6 KB), a copy of which is provided to each medical provider contacted for the study.

The MEPS authorization form (PDF 202 KB, or HTM 6 KB) was redesigned in 2002 to meet the HIPAA requirements for authorization forms described in Section 164.508(c) 45 CFR 164. The revised form was reviewed and deemed HIPAA compliant by the Westat IRB.

Beyond HIPAA

HIPAA’s protections do not extend to cover personal health information after a covered entity has released it to a third party. All information collected in MEPS, however, is covered by the confidentiality requirements provided by the legislation under which the study is conducted. This law requires that all identifying data collected for the study – whether from the individual household respondents or from their medical providers – be treated as confidential. As with HIPAA, this law imposes penalties for unauthorized disclosure of protected information. By cooperating with the request for voluntary release of the medical records, your entity becomes a MEPS participant covered by AHRQ’s confidentiality statutes. Data that would identify you may not be disclosed without your consent.

MEPS HOME . MEPS FAQ . CONTACT MEPS . MEPS SITE MAP . MEPS PRIVACY POLICY . ACCESSIBILITY TOOLS
""