Change Proposed for Health Insurance Privacy Rule
The proposed rule from HHS would give people the right to obtain a report on who has electronically accessed their protected health information.
A May 31 proposed rule from the U.S. Department of Health and Human Services' Office for Civil Rights would change the Health Insurance Portability and Accountability (HIPAA) Act Privacy Rule by giving people the right to obtain a report on who has electronically accessed their protected health information. Public comments will be accepted until Aug. 1.
The proposal will implement the Health Information Technology for Economic and Clinical Health (HITECH) Act, which is part of the American Recovery and Reinvestment Act of 2009. "This proposed rule represents an important step in our continued efforts to promote accountability across the health care system, ensuring that providers properly safeguard private health information," said OCR Director Georgina Verdugo. "We need to protect people's rights so that they know how their health information has been used or disclosed."
To obtain the information, someone would have to request an access report, which would document the individuals who electronically accessed and viewed their protected health information. Although covered entities are currently required by the HIPAA Security Rule to track access to electronic protected health information, they are not required to share that information with people.
The proposed rule requires an accounting of more detailed information for certain disclosures that are most likely to affect a person's rights or interests. The proposed changes to the accounting requirements provide information of value to individuals while placing a reasonable burden on covered entities and business associates, according to HHS.