Rule Would Clear Path For EHR ‘Access Reports’

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights yesterday proposed a rule that would allow patients to obtain “access reports” listing the names of individuals who had accessed their electronic health records (EHR). The new rule would add to regulations already in place under the Health Insurance Portability and Accountability Act (HIPAA), which protects patient privacy and sets security standards for electronic health records. Under the existing rule, health care providers must track information that pertains to EHR access, but are not required to provide it to patients. "We need to protect people's rights so that they know how their health information has been used or disclosed," says Georgina Verdugo, director of the HHS Office for Civil Rights. Verdugo characterizes the proposed rule as “an important step in continued efforts to promote accountability across the health care system, ensuring that providers properly safeguard private health information.” The move is the most recent component of a broader initiative by the Obama administration to update and streamline the medical records system in the U.S. The changes are authorized under the Health Information Technology for Economic and Clinical Health (HITECH) Act, a measure that was part of the 2009 stimulus package to encourage doctors and hospitals to adopt electronic health records. Last year, the HHS said any companies, doctors or hospitals that disclose private health information could face fines of up to $50,000 per violation. The health agency will take comments on the proposed rule until August 1.