AHIMA: Proposed HIPAA Access Requirement a 'Significant Burden'
Because many entities do not have the ability to meet the technical requirements, OCR should delay its proposed compliance dates, AHIMA says. Currently compliance with the access reports provision is January 1, 2013, for electronic DRS systems acquired after January 1, 2009, and beginning January 1, 2014, for electronic DRS systems acquired prior to 2009.
Further, access reports should carry only identifiers for the work force members rather than actual names, AHIMA says. Patients asking who viewed their medical records often have a specific individual in mind, such as a former spouse, AHIMA says.
HIM professionals have reported to AHIMA several situations where employees have been stalked after their names are released to patients.
"While we fully support the requirement allowing an individual to have knowledge of access, we also want to protect the workplace staff of the covered entity," AHIMA states in its comments. "AHIMA supports narrowing the requests to specific individuals when possible. In some treatment environments (e.g., emergency departments and psychiatric facilities), providers are permitted to use pseudonyms to avoid patients stalking or contacting them outside the workplace. Access accounting would require facilities to share the legal names of their providers which defeat the protections that have been in place for long periods of time."
- Antibiotic Overuse a 'Huge Threat' to Patient Safety, Says CDC
- CFO Exchange: Smartphones Poised to Disrupt Healthcare, Says Topol
- Consumerism Drives Healthcare Branding, Rebranding Efforts
- 3 Traits Personality Assessments Can't Reveal
- PA Ranks See 'Phenomenal Growth,' Lack of Diversity
- CHS Hacked, 4.5M Patient Records Compromised
- CFO Exchange: Healthcare Leaders Share 5 Innovative Ideas
- Business Roundup: M&A Activity Down Slightly in First Half of 2014
- Large Employers Trimming Healthcare Spending
- Carondelet to Pay $35M to Settle Fraud Allegations