A provision in the proposed Accounting of Disclosures Rule mandated under the HITECH Act that calls for providing patients with an "access report" listing everyone who's electronically accessed their records is stirring up debate.
Many organizations are unprepared to adequately respond to a breach, security expert Bob Chaput says. "Breach notification planning is just a fundamental, basic part of risk management in the new millennium," he adds.
Federal authorities have issued a detailed notice of proposed rulemaking that sets out guidelines for how patients must be provided with an accounting of who has viewed their protected health information.
The federal list of major healthcare information breaches that have occurred since September 2009 didn't grow much in the past month. The list now includes 272 cases affecting a total of almost 10.9 million individuals.