A querying entity requires a reason, or Purpose of Use, to retrieve a patient's data. This ensures that only relevant parties have access to a patient's PHI for specific use cases. These Purposes of Use are outlined in the HIPAA Privacy Rule and the HIPAA Security Rule.
In order to access data via Particle's APIs, your Purpose of Use must be supported by the implementer and the network you are querying. For example, an organization within Carequality needs to support the Patient Access Purpose of Use for us to gather data from that implementer, but also Carequality themselves must support that Purpose of Use.
Network members widely support the Treatment Purpose of Use, and it's the most common use case for Particle's platform. As per the HIPAA Privacy Rule, "Treatment is the provision, coordination, or management of health care and related services for an individual by one or more health care providers, including consultation between providers regarding a patient and referral of a patient by one provider to another."
Following the ONC’s Cures Act Final Rule, Patient Request (in some networks, called Patient Access) has become a Purpose of Use that more and more implementers seek to support. The HIPAA Privacy Rule "generally requires HIPAA covered entities (health plans and most health care providers) to provide individuals, upon request, with access to the protected health information (PHI) about them in one or more 'designated record sets' maintained by or for the covered entity. This includes the right to inspect or obtain a copy, or both, of the PHI, as well as to direct the covered entity to transmit a copy to a designated person or entity of the individual’s choice."
Updated almost 2 years ago
Get started with the Particle Health platform, or continue reading up on purposes of use and how they relate to HIPAA