Disclosure Report Could Reveal HIPAA Breaches

Greg Freeman , January 31, 2012
Are you a health leader?
Qualify for a free subscription to HealthLeaders magazine.

This article appears in the January 2012 issue of HealthLeaders magazine.

A proposed rule concerning the accounting of disclosures requirement under the HIPAA Privacy Rule would give patients the right to get a report on who has electronically accessed their protected health information, and some legal experts worry that this could pose problems for healthcare providers.

People would obtain this information by requesting an access report, which would document the particular persons who electronically accessed and viewed their PHI, explains Nathan A. Kottkamp, JD, a partner with the law firm of McGuireWoods in Richmond, VA. Although covered entities are currently required by the HIPAA Security Rule to track access to electronic PHI, they are not required to share this information with people.

"It makes it that much easier to find a smoking gun demonstrating that your staff is not in compliance with HIPAA," Kottkamp says. "If I'm a covered entity, I think this rule really does scare me from a litigation perspective and a compliance perspective. I'm confident that we're going to see more litigation about breaches of privacy, and I would remind staff that they could be held directly liable for snooping in records they shouldn't have looked at. It puts them at very, very real risk of being dragged into a lawsuit."

This article appears in the January 2012 issue of HealthLeaders magazine.

Greg Freeman is a contributing writer for HealthLeaders Media.

Comments are moderated. Please be patient.

2 comments on "Disclosure Report Could Reveal HIPAA Breaches"

Lynn (2/23/2012 at 10:16 AM)
As a family law attorney, I absolutely want to know who has accessed my file(s). I have represented numerous people or their spouses who work in the medical industry. My spouse's exwife also works in the medical field and we suspect she has accessed both of our files. I believe I have a right to know who has accessed my file. I feel compliance will increase if they know patients can get an audit upon request.

dnelson (1/13/2012 at 1:12 PM)
Having no right to personal action under HIPAA, the theoretical smoking gun would lead the indiviudal still having to prvove they had suffered harm. Difficult at best from someone just accessing the data. What this will lead to is having to expalin to Joan Client that Johnny Biller accessed her record six times on one day as it was necessary for processing of a heatlh claim.




FREE e-Newsletters Join the Council Subscribe to HL magazine


100 Winners Circle Suite 300
Brentwood, TN 37027


About | Advertise | Terms of Use | Privacy Policy | Reprints/Permissions | Contact
© HealthLeaders Media 2016 a division of BLR All rights reserved.