The Department of Health and Human Services has proposed a federal rule that would require hospitals, physicians, and health insurers to let patients know when their electronic medical records are accessed.
The rule would be a statutory requirement under the Health Information Technology for Economic and Clinical Health Act (HITECH). It would apply to any hospital, physician office, or health plan employees who have access to patient records.
Highlights of the proposed disclosure rule:
- Applies to any medical and healthcare payments records as well as any records used to make medical decisions about a patient.
- Includes all electronic health information and not just electronic health records.
- Excludes peer review files used only to improve care for the general patient population.
- Requires that access information be kept in access logs and include the name and address of the person, a brief description of the type of health information disclosed, and the date and time of the access. In addition, any changes to the record, including modifications, must be disclosed.
- No reason for accessing the record need be disclosed.
- A fee may be charged for the information. However, the first 12 months of a request must be provided free of charge.
- Information requested must be provided within 30 days in a form and format that can be reproduced by the individual requesting the information.
- Hospitals, physicians, and health insurers will not be liable for the information once it is delivered.