We are getting ready to dump all of our historical data into our immunization registry called CHIRP(Indiana's). We ask the question if we needed the patients's consent to give their information to the registry. We have been told through a consultant(he is the senior security advisor) the following information.
Because submitting data to CHIRP
is not mandated (it will be required on 7/1/2015) by law. You will have
to seek a consent from the patients. After 7/1/2015, when it becomes a
state law you won’t need to document the authorization, but you will want to
include the practice of submitting immunization data to CHIRP in the Notice of
Privacy Practices that are distributed to patients.
Starting in 7/1/2015, patients
can also opt out of having data submitted to CHIRP, so you will want to have a
process to inform patients and accept those exemptions if they were to arise.
Has anyone else ran across this as far as a HIPAA