Electronic Medical Records & Security
The new EHR Disclosure Rule proposed by the Department of Health and Human Services (HHS) suggests that patients should know who has had access to their medical records. Going electronic with medical records has an endless amount of benefits to the patient, to the doctor and to the medical research field. However, the implementation of the Health Information Technology for Economic and Clinical Health (HITECH) Act raised lots of concerns over the security of medical records if stored electronically. Those concerns were fully validated by the shamefully high number of HIPAA violations from the year 2009 to the present. The recorded leaks of patient information came from storage device theft, accidental loss, system hacking or unauthorized access or disclosure. The security breaches led the Department of Health and Human Services (HHS) to propose a privacy rule to protect patient health data.
The proposed rule would give patients the right to request a list of the identities all persons who have electronically accessed their protected medical information. As of now, HIPAA is required to keep track of all those who have viewed the medical files but does not have to share it. The current penalty for a HIPAA violation is up to $50,000 per violation by a hospital or physician. ”This proposed rule represents an important step in our continued efforts to promote accountability across the health care system, ensuring that providers properly safeguard private health information,” says Georgina Verdugo, the HHS Director of the Office of Civil Rights.
If the proposal passes, it will become effective in 2013. HHS will be taking comments about the proposed disclosure rule until August 1st at www.regulations.gov.