Disclosures Rule Is a Hot TopicRecords Access Reports Prove Controversial
Some observers portrayed this requirement as unreasonable, while others thought it was overdue, given certain audit controls requirements already included in the HIPAA Security Rule (see: Reacting to Disclosures Rule Proposal). Meanwhile, Adam Greene, the primary author of the rule, contended that if an organization already has system activity logs in place "it won't necessarily be a huge lift to comply with this rule."
In a series of guest blogs, security experts weighed in on the subject. Consultant Kate Borten explained why she strongly believes the access reports are a good idea for helping crack down on records snoops and protect patient privacy. In contrast, attorney Kathryn Roe questioned whether access reports would have much value to the average patient. And consultant Rebecca Herold pinpointed some challenges the proposal raised, including the touchy issue of revealing employee's names in access reports.
Comments on the proposal can be submitted to federal authorities until August 1, so don't miss your opportunity to make your views known.
In an interview, regulatory expert Christopher Hourihan suggested that healthcare organizations begin asking their business associates about their ability to produce audit logs listing who has accessed patient information because the proposed rule encompasses these vendors as well.
Meanwhile, some organizations have already adopted new technology to ease the process of monitoring records access. For example, Maimonides Medical Center is using technology that aggregates log information from more than 100 applications to make it easier to conduct access audits (see: Monitoring Access to Records).
So what do you think? Is the proposed Accounting of Disclosures Rule reasonable? Comments on the proposal can be submitted to federal authorities until August 1, so don't miss your opportunity to make your views known. For information on how to comment, view the notice of proposed rulemaking.