Crack down on unauthorized use and disclosure of PHI with your EHR's audit log
HIM Connection, April 28, 2009
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Editor’s note: This article went to press prior to the issuance of a formal regulation related to accounting of disclosures, including what covered entities must include in such accounting. Covered entities should not take final action until such regulations are promulgated.
If you’re thinking about taking advantage of the incentive payments for EHR implementation under the American Recovery and Reinvestment Act (ARRA) of 2009, keep in mind that there are stringent requirements related to patient privacy and enforcement.
Currently, patients can request an accounting of protected health information (PHI) disclosures dating back six years from the request. HIPAA doesn’t require accounting of disclosures for treatment, payment, and healthcare operations (TPO). However, ARRA specifies that when a covered entity uses an EHR, patients may request up to three years’ worth of information, including TPO, when disclosures are made from an EHR.
Editor’s note: For more information on audit logs or to purchase a copy of this article for $10, visit the HCPro Web site. Subscribers to Medical Records Briefing can access this article in the May issue of the newsletter.
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Related Products
-
Guide to HIPAA Auditing, Second Edition
This new edition of a best-selling book delivers the hands-on tools and guidance you need to conduct effective in-house...
-
The No-Hassle Guide to HIPAA Policies: A Privacy and Security Toolkit
HIPAA regulations require extensive documentation—likely more than you've done in the past. Changing the way you look...
-
The HIPAA and HITECH Toolkit
The HIPAA and HITECH Toolkit is a valuable resource that helps both CEs and BAs understand and meet the HITECH Act's...
-
HIPAA Handbook for Coders, Billers and HIM Staff
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
ICD-10 Trainer
ICD-10 Trainer is a bi-weekly e-newsletter with the latest tips from the experts about how to get ready for the new coding...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched