Skip to content Skip to navigation

HIPAA Changes would Allow Individuals to See Who Accessed Protected Info

May 31, 2011
by root
| Reprints

A proposed rule concerning the accounting of disclosures requirement under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule is now available for public comment, the Department of Health and Human Services announced Tuesday. The proposed rule would give people the right to get a report on who has electronically accessed their protected health information.

The HHS Office for Civil Rights is proposing the changes pursuant to the Health Information Technology for Economic and Clinical Health (HITECH) Act. HITECH is part of the American Recovery and Reinvestment Act of 2009.

The changes would require an accounting of more detailed information for certain disclosures that are most likely to affect a person’s rights or interests, providing valuable information to individuals “while placing a reasonable burden on covered entities and business associates,” according to an HHS release.

A person would obtain this information by requesting an access report, which documents who electronically accesses and views their protected health information. HHS noted that while covered entities are currently required by the HIPAA Security Rule to track access to electronic protected health information, they are not required to share this information.

“This proposed rule represents an important step in our continued efforts to promote accountability across the healthcare system, ensuring that providers properly safeguard private health information,” said Georgina Verdugo, director of the Office for Civil Rights, in a release. “We need to protect peoples’ rights so that they know how their health information has been used or disclosed.”

Comments on the proposed rule are being accepted through August 1.

Topics