HHS Releases Proposed Rule for Accounting of Disclosures

by | Jun 1, 2011 | HIPAA, Legislation & Rulemaking

HHS Releases Proposed Rule for Accounting of Disclosures

A Notice of Proposed Rulemaking (NPRM) concerning the accounting of disclosures (AOD)requirement under the HIPAA Privacy Rule was posted last Friday, May 31, 2011.  The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) states in its Press Release regarding the NPRM:

This proposed rule represents an important step in our continued efforts to promote accountability across the health care system, ensuring that providers properly safeguard private health information . . . We need to protect peoples’ rights so that they know how their health information has been used or disclosed.

HHS points out that people would obtain this information by requesting an access report, which would document the particular persons who electronically accessed and viewed their protected health information (PHI). Although covered entities are currently required by the HIPAA Security Rule to track access to electronic PHI, they are not required to share this information with patients.  HHS also points out that the NPRM requires an accounting of more detailed information for certain disclosures that are most likely to affect a person’s rights or interests.

Interestingly, with regard to health information exchange (HIE) specifically, HHS notes in the Preamble to the NPRM that it considered but rejected requiring that a full accounting of disclosures be made through a HIE at this time.  However, HHS states its intentions to work with ONC to assess whether standards for exchanges of information should include information about the purpose of each transaction.  It also notes that to the extent such information would fall under a disclosure required to be accounted for (e.g., public health), the individual would still have a right to learn of such a disclosure.

For a summary of the AOD NPRM prepared by Attorneys at Oscislawski LLC, click here.

Public comments are due by August 1, 2011 and can be submitted by clicking here.

Print Friendly, PDF & Email
Share this:

If you are not a subscriber to our backend Legal HIE compliance library, download our Table of Contents here to check out all of the tools, checklists, whitepapers, sample policies we make available to our members to help their organizations comply with Information Blocking, HIPAA, 42 CFR Part 2, Data Breaches and more. Ready to subscribe now? Click here to review our subscription options.

Archives