HITECH Headache: EHR DisclosuresAccounting for who views records
The Office of Civil Rights within the U.S. Department of Health and Human Services is spending a great deal of time sorting through how to write a practical rule for carrying out this mandate, Gallagher says. A rule on accounting for disclosures is due June 30.
HITECH gives patients the right to request an accounting of disclosures of their health information made through an electronic health record.
Under HITECH, the federal rule for carrying out this mandate must take into account the interests of individuals who want to learn when and to whom their information is disclosed, the usefulness of the information to the individual, and the cost burden for such accounting.
And those requirements add up to a rule that's going to be extremely tough for regulators to write and difficult for healthcare organizations to follow, Gallagher says.
Gallagher was one of the speakers at a security workshop held Feb. 28 at the HIMSS Conference in Atlanta.
Another speaker at the workshop, Joy Jacobsen, chief privacy/compliance officer at CareEntrust, Kansas City, Mo., urged attendees to reach out to EHR vendors to verify how their software accommodates the disclosure process.
She also reminded CISOs to document how their business associates go about disclosing information.