HHS Proposes Changes in HIPAA Record-Sharing Privacy Rule

HIPAA was established with the objective of ensuring that patient healthcare information is guarded against illicit use and unauthorized sharing. There have been continuous changes in the HIPAA guidelines since its inception with the aim of making the process of upgrading to the benchmarks set for guarding patient data, undemanding and effective. In continuation with this trend, a Notice of Proposed Rulemaking that seeks to create greater accounting for disclosure requirements as defined by the Health Insurance Portability and Accountability Act or HIPAA Privacy Rule has now been issued. This Notice is now open for public opinion and healthcare professionals across the United States, patients and associated, business partners of clinical settings are being asked to put forth their opinion in this regard.

HITECH tells patients who has accessed their health information

This Proposed Ruling seeks to give people more rights in terms of being informed about the manner in which their clinical data is used. The Proposed Rule says that a patient can demand a report containing a list of all the entities that have electronically accessed and viewed his/her protected health information.

Office for Civil Rights OCR of the HHS or the U.S. Department of Health and Human Services is credited with bringing forth this Proposed Ruling. It is in accordance with the benchmarks set by the HITECH Act (Health Information Technology for Economic and Clinical Health) and is likely to engage positive reviews from the people since it seeks to create greater accountability for the use of patient healthcare information.

This indirectly means that healthcare service-providers will need to engage better systems for safeguarding Private Health Information and be more accountable for their actions. This fact was underlined by the comments of OCR Director, Georgina Verdugo, who opined that the ruling was in continuation of efforts to safeguard the peoples’ rights, including their health information, to a greater extent and thus, details of patient information use or disclosure should be recorded and reported. If this Proposed Ruling is implemented, patient would be able to demand an Access Report. This report would document all the people who have electronically viewed, shared or accessed their health information.

First Impressions of the Proposed Ruling
1. Currently, all covered entities are stipulated by HIPAA Security Rule for tracking how they are allowing access to electronic PHI (protected health information) but they are not obliged to share such information with the people.. Once, the Proposed Rule is implemented, seeking detailed information about any kind of patient information disclosure will further prevent any fraudulent or unauthorized use of clinical data.
2. Such report-generation systems are not likely to induce a significant burden on the covered entities or their business associates in terms of processing time of information, i.e. if they are using an upgraded EMR system, such reports can be easily generated with minimal costing. This underlines the advantage of using EMR systems provided by credible vendors who can incorporate EMR updates in accordance with the latest changes in the HIPAA niche.