HIPAA:
Employees Peeking at Patients' PHI? Soon, Patients May Know
Published on Tue May 10, 2011
HHS wants you to give patients access to a list of providers who accessed their records. Your HIPAA headaches will multiply under a new proposed rule on PHI access. A new Department of Health and Human Services proposed rule, published in the May 31 Federal Register, would require you to offer patients a way to combat the growing concern of medical records privacy, by issuing them an "access report." The report would list the specific people who electronically viewed their protected health information (PHI). The HIPAA Security Rule already requires covered entities to track access to patients' electronic PHI, but does not currently require them to share that information with the patients. Now the proposal suggests offering the patients an annual listing of the records. It would include every instance of access to the patient's PHI -- including legitimate reviews for reasons of treatment and payment -- as well as other instances. [...]