Technology
e-Newsletter
Intelligence Unit Special Reports Special Events Subscribe Sponsored Departments Follow Us

Twitter Facebook LinkedIn RSS

AHIMA: Proposed HIPAA Access Requirement a 'Significant Burden'

Dom Nicastro, for HealthLeaders Media, July 28, 2011

A proposal that would require hospitals to give patients, on request, information about anyone who accessed their health records would be costly, time-consuming, and could potentially put healthcare workers in danger from "stalkers" armed with the names of hospital employees, the American Health Information Management Association (AHIMA) says.

Chicago-based AHIMA, the non-profit association for HIM professionals, released public comments Wednesday that it submitted to the Office for Civil Rights (OCR) regarding the "HIPAA Privacy Rule Accounting of Disclosures under the Health Information Technology for Economic and Clinical Health Act" proposed rule.

The disclosure rule, required by HITECH and published in the Federal Register May 31, updates the HIPAA Privacy Rule accounting of disclosures provision and creates an "access report" requirement. The new provision includes an accounting of who accessed electronic health information in a designated record set, for any reason. It covers both uses and disclosures, regardless of the purpose.

All such DRS systems should be capable of logging access, according to the proposed rule. OCR expects covered entities and business associates to generate access reports for each electronic DRS and aggregate it into a single electronic access report.

However, that would "cause a significant burden for covered entities and their EHR vendors" because current systems do not support such a requirement. The association suggests CEs and BAs respond to these patient requests on an ad hoc basis "rather than require significant systems and process changes that will raise the cost of healthcare for what appears to be a very limited number of requests."

1 | 2 | 3

Comments are moderated. Please be patient.

2 comments on "AHIMA: Proposed HIPAA Access Requirement a 'Significant Burden'"


LindaJoyAdams (8/2/2011 at 1:54 PM)
Conflicts of interest can exist. In my case, the same company that has control of my federal workers compensation claim and refusing to set up my computer files, etc. now has subsidiary doing the billing for a mega medical university clinics and I lost medical care over it as they had to ' bill themselves, even refusing to code the claims to my employer group health plan and medicare as' w/c related so their govt contractor could send out recovery letters' The nature of IT is that often companies are financially interlocked with each other and nations are finding themselves under the control of these few interlocking companies. In 2014 ' everyone' will be under the 'federal plan' in control of this company's interlocking conglomerate as the office of personnel contractors. Those under the federal plan' already find constitutional abuses are rampant and deaths have resulted from obstruction of medical care. The privatizing of state and federal civil services to govt contractors that Congress made immune from criminal prosecutions and even internal audits and IRS can't collect taxes from either; has resulted a coup d'etat of most federal and state agencies and our govt. ( My w/c is an established case, ' they' just decided should not exist and have refused to process 11 years of oxygen claims in a real, documented death panel decision when owcp put me on it for life. The bills got dumped onto medicare and even their appellate judge's decisions that these are w/c's bills and wants monies back is met with throwing the request away as judge's orders are irrelevant to those ' out of control ' contractors. Doctor's should be in charge of patient health care and its become impossible for many to care for their patients in this system as their training and knowledge are replaced by profit motives. Linda Joy Adams injured 1/10/89, yet tried to work multiple times after that.

C. Anderson (8/1/2011 at 1:55 PM)
I doubt the veracity of concerns. One would thing, the health care providers should have procedures and resources in place for data integrity and security as well as handling special cases such as providing copies in for subpoena response. This measure would also bring the level of data integrity in line with the stronger European standards.