Proposed HIPAA Disclosure Rule, Explained

Now that the Department of Health & Human Services has released its proposed rule governing privacy disclosures related to electronic health records, covered entities and business associates can begin to parse what the rule would mean in terms of reporting and compliance.

2 comments on "Proposed HIPAA Disclosure Rule, Explained"
Dan Berger (6/9/2011 at 11:37 PM)

In mid-to-late 2012, business associates and their subcontractors will have the same obligations as covered entities under the HIPAA Security Rule [INVALID] and therefore must conduct their own HIPAA security risk assessments. Sue McAndrew, Deputy Director for Health Information Privacy at the Office of Civil Rights (OCR), has called the extension of direct liability to business associates "a sea change" in the regulations.
Kim Corrigan (6/3/2011 at 10:34 AM)

The intent of HIPAA was to protect individuals' health care information. The intent of EMR was to streamline and coordinate care across systems. The concept of disclosure should already have been built into the systems if the true intent was/is to protect the individual. Any other intent would defer on the side of government and/or for-profit health care plans having access and ability to manipulate the delivery of care without an individual's knowledge. Any access/changes/decisions to an individual's health records in any form should be visible to the individual (and any designee) with a look back period of 3 years. If we can see who accessed a credit report, we should certainly be able to see who accessed our health records.


FREE e-Newsletters Join the Council Subscribe to HL magazine


100 Winners Circle Suite 300
Brentwood, TN 37027


About | Advertise | Terms of Use | Privacy Policy | Reprints/Permissions | Contact
© HealthLeaders Media 2014 a division of BLR All rights reserved.