The Security Scrutinizer with Howard Anderson

Disclosures Rule Is a Hot Topic

Records Access Reports Prove Controversial

The proposed Accounting of Disclosures rule, called for under the HITECH Act, was a hot topic of discussion in June and will continue to be debated in the weeks ahead. Its provision calling for offering patients an access report outlining who has accessed their records has proven to be controversial.

Some observers portrayed this requirement as unreasonable, while others thought it was overdue, given certain audit controls requirements already included in the HIPAA Security Rule (see: Reacting to Disclosures Rule Proposal). Meanwhile, Adam Greene, the primary author of the rule, contended that if an organization already has system activity logs in place "it won't necessarily be a huge lift to comply with this rule."

In a series of guest blogs, security experts weighed in on the subject. Consultant Kate Borten explained why she strongly believes the access reports are a good idea for helping crack down on records snoops and protect patient privacy. In contrast, attorney Kathryn Roe questioned whether access reports would have much value to the average patient. And consultant Rebecca Herold pinpointed some challenges the proposal raised, including the touchy issue of revealing employees' names in access reports.

In an interview, regulatory expert Christopher Hourihan suggested that healthcare organizations begin asking their business associates about their ability to produce audit logs listing who has accessed patient information because the proposed rule encompasses these vendors as well.

Meanwhile, some organizations have already adopted new technology to ease the process of monitoring records access. For example, Maimonides Medical Center is using technology that aggregates log information from more than 100 applications to make it easier to conduct access audits (see: Monitoring Access to Records).

So what do you think? Is the proposed Accounting of Disclosures Rule reasonable? Comments on the proposal can be submitted to federal authorities until August 1, so don't miss your opportunity to make your views known. For information on how to comment, view the notice of proposed rulemaking.



About the Author

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



