Health Information Management

Crack down on unauthorized use and disclosure of PHI with your EHR's audit log

HIM-HIPAA Insider, April 28, 2009

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Editor’s note: This article went to press prior to the issuance of a formal regulation related to accounting of disclosures, including what covered entities must include in such accounting. Covered entities should not take final action until such regulations are promulgated.

If you’re thinking about taking advantage of the incentive payments for EHR implementation under the American Recovery and Reinvestment Act (ARRA) of 2009, keep in mind that there are stringent requirements related to patient privacy and enforcement.

Currently, patients can request an accounting of protected health information (PHI) disclosures dating back six years from the request. HIPAA doesn’t require accounting of disclosures for treatment, payment, and healthcare operations (TPO). However, ARRA specifies that when a covered entity uses an EHR, patients may request up to three years’ worth of information, including TPO, when disclosures are made from an EHR.

Editor’s note: For more information on audit logs or to purchase a copy of this article for $10, visit the HCPro Web site. Subscribers to Medical Records Briefing can access this article in the May issue of the newsletter.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular