HHS proposes giving patients access to a list of providers who accessed their records. If you've ever been tempted to access a patient's PHI for nonmedically necessary reasons, you now have a more official reason not to give in to that temptation. A new HHS proposal, published in the May 31 Federal Register, will offer patients a way to combat the growing concern of medical records privacy, by allowing them an "access report" -- which lists the specific people who electronically viewed their protected health information (PHI). The HIPAA Security Rule already requires covered entities to track access to patients' electronic PHI, but does not currently require them to share that information with the patients. However, the proposal suggests offering the patients an annual listing of the records. It would include every instance of access to the patient's PHI--including legitimate reviews for reasons of treatment and payment -- as well as other instances. It won't, however, provide information about why the person accessed the records. "This proposed rule represents an important step in our continued efforts to promote accountability across the health care system, ensuring that providers properly safeguard private health information," said Office of Civil Rights Director Georgina Verdugo in a May 31 statement. "We need to protect peoples' rights so that they know how their health information has been used or disclosed." HHS proposes instituting the right to access reports beginning on Jan. 1, 2013, for electronic designated record set systems acquired after Jan. 1, 2009, and beginning the following year for record set systems acquired as of Jan. 1, 2009. You can submit comments on the proposal through August 1 by visiting www.regulations.gov , clicking "submit a comment," and entering the ID "0991-AB62." You can read the complete proposal there as well.