HITECH Headache: EHR Disclosures

Accounting for who views records
HITECH Headache: EHR Disclosures
Accounting for who has viewed a patient's electronic health record "is the single most difficult security requirement to figure out" in the HITECH Act. That's the conclusion of Lisa Gallagher, senior director for privacy and security at the Healthcare Information and Management Systems Society.

The Office of Civil Rights within the U.S. Department of Health and Human Services is spending a great deal of time sorting through how to write a practical rule for carrying out this mandate, Gallagher says. A rule on accounting for disclosures is due June 30.

The Mandate

HITECH gives patients the right to request an accounting of disclosures of their health information made through an electronic health record.

Under HITECH, the federal rule for carrying out this mandate must take into account the interests of individuals who want to learn when and to whom their information is disclosed, the usefulness of the information to the individual, and the cost burden for such accounting.

And those requirements add up to a rule that's going to be extremely tough for regulators to write and difficult for healthcare organizations to follow, Gallagher says.

Gallagher was one of the speakers at a security workshop held Feb. 28 at the HIMSS Conference in Atlanta.

Another speaker at the workshop, Joy Jacobsen, chief privacy/compliance officer at CareEntrust, Kansas City, Mo., urged attendees to reach out to EHR vendors to verify how their software accommodates the disclosure process.

She also reminded CISOs to document how their business associates go about disclosing information.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.