APTA recently posted a summary of proposed revisions to the accounting of disclosures requirements under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. The proposed rule, released May 31, contains requirements that covered entities and business associates must comply with to account for disclosures of protected health information (PHI) relating to payment, treatment, and health care operations if such disclosures are through electronic designated record sets. It also revises existing accounting requirements under HIPAA. Additionally, patients and enrollees would be able to learn who has accessed their records through an "access report." The report would provide detailed information about disclosures that may be of interest to the patient, such as disclosures to law enforcement. However, the report would not provide information regarding the reason the information was accessed.
The summary outlines types of disclosures subject to the accounting requirement and proposed compliance dates. Although it is not a final rule, the summary also includes information on provider preparation and assessment.
HHS anticipates publishing a final rule in late 2011.