CHIME Weighs in on Proposed HIPAA Disclosure Rules
Proposed federal rules requiring providers and payers to let patients know when anyone accesses their electronic medical records would be difficult to meet and should be scaled back, says a comment letter filed by the College of Healthcare Information Management Executives.
Ann Arbor-based CHIME contends that the federal government's rules rely too much on technical capabilities that aren't widely available and fail to acknowledge the amount of human intervention necessary to achieve compliance.
The group's primary concern is a requirement that would extend responsibility for protected health information contained within a designated record set to include a new right to a consolidated access report. CHIME contends that DRSs are "too broadly defined and too variable in today's health IT environment," and that the ability to aggregate hundreds or thousands of access events in any automated fashion "is not realistic for most covered entities."
The reports would identify who has accessed a patient's protected health information so a patient would know if a specific person had looked at it.
CHIME, which represents more than 1,400 CIO members as well as healthcare IT vendors and professional services firms, wants the access report requirement dropped. But if the requirement remains in the rule, then CHIME suggests that only data gathered through certified electronic health records, not the full array of designated record sets, should populate the access reports.
- Medical Errors Third Leading Cause of Death, Senators Told
- 4 Tectonic Shifts Shaking Up Healthcare
- As States Regulate Provider Competition, Common Threads Emerge
- CVS Ramps Up Retail Clinics with Provider Affiliations
- Chronic Disease Care Costs Get Bipartisan Attention
- CareFirst Announces PCMH Program Results
- Mayo Tops U.S. News Best Hospitals Rankings
- Hospitals Seeking to Understand PPACA Impact Turn to Data
- Telemedicine Providers Welcome AMA Guidelines
- The case for concierge medicine