6 Things to Know About the HIPAA Disclosures Proposed Rule
HIPAA experts say the major take-away from the HIPAA Privacy Rule disclosures proposed rule published May 31 in the Federal Register is the need to revisit existing auditing methods for disclosures of protected health information.
But let's take a closer look. For starters, it's already mandatory– regardless of what the proposed rule says.
The HIPAA Security Rule already requires audit tracking: Rule 45 CFR 164.312, technical safeguards, requires covered entities (CEs) (and now business associates, per HITECH) to "implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI."
Adam H. Greene, JD, MPH, of Davis Wright Tremaine LLP, based in Seattle, helped author the proposed rule during his time at the Office for Civil Rights (OCR). The 12-year health law veteran and key regulator for the Department of Health & Human Services (HHS), who left the government agency in April, says covered entities "are going to need to take a fresh look at their auditing procedures and what systems qualify as 'designated record sets (DRS).'"
The HITECH Act requires CEs and BAs to provide an accounting of disclosures of PHI through an electronic health records system for treatment, payment, and healthcare operations (TPO) dating back three years from such a request.
The proposed rule implements this requirement through the right to an "access report," which includes an accounting of who accessed electronic health information in a DRS, for any reason. This includes both uses and disclosures, regardless of the purpose.
- CEO Exchange: Preparing for Population Health
- Advocate, NorthShore Deal Would Create 16-Hospital System
- Better HCAHPS Scores Protect Revenue
- Narrow Networks Cut Costs, Not Quality, Economists Say
- 3 Strategies for Retaining Millennial Employees
- Power of price: In South FL and the nation, healthcare costs often are shrouded in secrecy
- Two NY hospitals to offer free hip and knee replacement surgeries for qualifying patients in December
- Hospital mergers may lead to higher prices
- Healthcare data of 1 million NJ patients compromised since 2009
- CEO Exchange: Pressure is On to Partner, Drive Quality