July 7, 2011
On May 31, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights released its long-awaited proposed rule on the HITECH Act’s expansion of the HIPAA disclosure accounting requirements for covered entities (CE) to include disclosures of patient protected health information (PHI) stored in electronic health records (EHR).
CEs that use EHRs — which sooner or later will likely be ALL health care providers — will be required to account for each disclosure of PHI from their EHRs and any other electronic records that, with the information stored in the EHR, is part of a designated record set for any reason, including disclosures for treatment, payment and health care operations (TPO), which formerly did not need to be included in a patient’s disclosure accounting.
Once OCR finalizes this expansion of the HIPAA privacy rule requirements, compliance deadlines for covered entities will vary based on when an organization implemented its EHR. Learn about what the new requirements mean for your organization, when covered entities will be required to comply, what constitutes a “disclosure” made from an EHR, and much more.