HHS has proposed changes to the HIPAA Privacy Rule which allow people to learn who has electronically accessed their protected health information.
If passed, the revised Rule would allow people to obtain this information by requesting an access report, which would document the particular persons who electronically accessed and viewed their PHI.
Although covered entities are currently required by the HIPAA Security Rule to track access to ePHI, they are not required to share this information with people.
"This proposed rule represents an important step in our continued efforts to promote accountability across the health care system, ensuring that providers properly safeguard private health information," said HHS' Office for Civil Rights Director Georgina Verdugo, in a news release. "We need to protect peoples' rights so that they know how their health information has been used or disclosed."
View the proposed rule by clicking here (pdf).
Read the HHS news release about the proposed change to the HIPAA Privacy Rule.
Related Articles on HIPAA:
Omnibus HIPAA Final Rule Will Not Mandate Encryption of Personal Health Information
10 Critical Social Media Guidelines for Surgery Center Physicians and Staff
HHS Inspector General finds Security Concerns Abound