HIPAA Access Reports Could Aid Malpractice Attorneys
Frank Ruelas, director of compliance and risk management at Maryvale Hospital and principal of HIPAA College in Casa Grande, AZ, says the access reports could detect patterns of inappropriate access.
The proposed provision does not include a requirement to show how long a person viewed a medical record. However, the date and time must be noted, which can be problematic, according to Ruelas. "If [a staff member] works from 8 to 5, and there are access report entries before 8 or after 5, this might be worth more investigation."
Ruelas says this could boost a lawyer's argument because if the CE does not have an adequate monitoring or auditing process, "a lawyer seeing that [the staff member] is repeatedly looking at records before 8 a.m. can invite some very interesting questions."
"If someone is listed on the report as 'viewed' under 'action' over and over again, and this has gone undetected, this can also be a problem," Ruelas adds.
The new requirement not only provides easier access for patients concerning who accessed their record, but also, according to Ruelas:
- What systems were queried to get the data
- Whether the organization is fulfilling its commitment to safeguarding user access to ePHI (e.g., access IDs, unique IDs, etc.)
- Whether the CE reviews reports indicating unusual access patterns
Ruelas calls the process of finding culprits who access records inappropriately a "very laborious task with an element of luck."
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- NFP Hospitals' Revenue Growth at 'All-Time Low'
- CNO Leads $1M Charge for New Scrubs, Uniforms
- Transforming Cancer Care
- Acute Kidney Injury Gets New Focus
- Interventional Radiology No Longer a Sub-Specialty
- Sharp HealthCare Leaves Pioneer ACO Program
- Half of All Primary Care, Internal Medicine Jobs Unfilled in 2013
- mHealth Tackles Readmissions
- Proton Beam Therapy Poised for Growth in US
- MA an Insurance Proving Ground for Providers