The College of Healthcare Information Management Executives recently urged the Department of Health and Human Services Office for Civil Rights to scale back recommended changes to HIPAA, according to a CHIME comment letter.
CHIME officials wrote that proposed changes to the accounting disclosures and access reports require overly technical aspects that are not available to all healthcare entities and do not acknowledge the amount of human intervention that would be needed to achieve compliance.
In the letter, CHIME officials recommended the OCR act on the following:
• Provide more discussion on the "type of protected health information disclosed" data element listed in the final rule.
• Retain the current 60-day timeline for responding to accounting of disclosure requests instead of the proposed 30-day timeline.
• Alter the proposed aggregation of access log information for generating access reports.
• Allow covered entities to provide limited access reports based on data from access logs from certified electronic health records.
• Extend the 30-day requirement to prepare access reports.
Read the entire CHIME letter to the OCR on the proposed HIPAA privacy rules (pdf).
Boston's Tufts Medical Center Accused of Faxing Patient's Medical History Without Consent
UCLA Health System Settles Potential HIPAA Violations for $865K
CHIME officials wrote that proposed changes to the accounting disclosures and access reports require overly technical aspects that are not available to all healthcare entities and do not acknowledge the amount of human intervention that would be needed to achieve compliance.
In the letter, CHIME officials recommended the OCR act on the following:
• Provide more discussion on the "type of protected health information disclosed" data element listed in the final rule.
• Retain the current 60-day timeline for responding to accounting of disclosure requests instead of the proposed 30-day timeline.
• Alter the proposed aggregation of access log information for generating access reports.
• Allow covered entities to provide limited access reports based on data from access logs from certified electronic health records.
• Extend the 30-day requirement to prepare access reports.
Read the entire CHIME letter to the OCR on the proposed HIPAA privacy rules (pdf).
Related Articles on HIPAA:
Dr. Julie C. Howard Fined for Violating Patient Privacy Laws in IowaBoston's Tufts Medical Center Accused of Faxing Patient's Medical History Without Consent
UCLA Health System Settles Potential HIPAA Violations for $865K