• E-mail
• Print
• RSS

HITECH accounting of disclosures rule released

Compliance Monitor, June 1, 2011

Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!

On May 27 the Department of Health & Human Services (HHS) published a HITECH-required proposed rule on accounting of disclosures of electronic health records (EHR).

The rule will ultimately lay the foundation for the responsibilities of healthcare providers in terms of patient requests for disclosures on their electronic medical records. HITECH expands individuals’ rights to request accounts of disclosures. It also includes a new right for patients to request an “access report,” which will tell patients who exactly accessed and viewed their PHI. This right was not included in HITECH legislation.

“We believe that these changes to the accounting requirements will provide information of value to individuals while placing a reasonable burden on covered entities and business associates,” according to HHS in the proposed rule. “The process of creating a full accounting of disclosures is generally a manual, expensive, and time consuming process for covered entities and business associates.”

The Office for Civil Rights (OCR), the enforcer of the HIPAA privacy and security rules, published a notice in May 2010 asking for help crafting this proposed rule. OCR wanted to “better understand the interests of individuals with respect to learning of such disclosures, the administrative burden on covered entities and business associates of accounting for such disclosures, and other information that may inform [our] rulemaking in this area.”

Current law exempts reporting disclosures for treatment, payment, and healthcare operations purposes, but, per HITECH, patients must now be able to request an accounting of these types of electronic disclosures.

Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!

• E-mail to a Colleague
• Print
• RSS
• Archive