HIPAA Access Reports Could Aid Malpractice Attorneys
Frank Ruelas, director of compliance and risk management at Maryvale Hospital and principal of HIPAA College in Casa Grande, AZ, says the access reports could detect patterns of inappropriate access.
The proposed provision does not include a requirement to show how long a person viewed a medical record. However, the date and time must be noted, which can be problematic, according to Ruelas. "If [a staff member] works from 8 to 5, and there are access report entries before 8 or after 5, this might be worth more investigation."
Ruelas says this could boost a lawyer's argument because if the CE does not have an adequate monitoring or auditing process, "a lawyer seeing that [the staff member] is repeatedly looking at records before 8 a.m. can invite some very interesting questions."
"If someone is listed on the report as 'viewed' under 'action' over and over again, and this has gone undetected, this can also be a problem," Ruelas adds.
The new requirement not only provides easier access for patients concerning who accessed their record, but also, according to Ruelas:
- What systems were queried to get the data
- Whether the organization is fulfilling its commitment to safeguarding user access to ePHI (e.g., access IDs, unique IDs, etc.)
- Whether the CE reviews reports indicating unusual access patterns
Ruelas calls the process of finding culprits who access records inappropriately a "very laborious task with an element of luck."
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- The Secret to Physician Engagement? It's Not Better Pay
- Two-Midnight Rule Must be Fixed or Replaced, Say Providers
- Yale New Haven Health Partners with Tenet Healthcare in CT
- Don't Underestimate Emotional Intelligence
- 4 Reasons PCMH Principles Aren't Going Away
- Care Coordination Tough to Define, Measure
- Size Matters in Antibiotic Overuse
- Evidence-Based Practice and Nursing Research: Avoiding Confusion
- SCOTUS Review of NC Board Case 'A Very Big Deal' to Providers
- CDC Warns of Antibiotic Overuse in Hospitals