HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos



HITECH accounting of disclosures rule released

Email This Post Print This Post

The Department of Health & Human Services (HHS) Friday, May 27, published a HITECH-required proposed rule on accounting of disclosures of EHRs.

The rule will ultimately lay the foundation for what healthcare providers will be accountable for when patients request disclosures on their electronic medical records. HITECH expands an individual’s right to request accounts on disclosures of his/her health record.

It also includes a new right for patients to request an “access report,” which will tell patients who exactly accessed and viewed their PHI. This right was not included in HITECH.

“We believe that these changes to the accounting requirements will provide information of value to individuals while placing a reasonable burden on covered entities and business associates,” according to HHS in the proposed rule. “The process of creating a full accounting of disclosures is generally a manual, expensive, and time consuming process for covered entities and business associates.”

The Office for Civil Rights (OCR), the enforcer of the HIPAA privacy and security rules, in May 2010 published a notice in the Federal Register asking for help crafting this proposed rule on accounting of disclosures on EHRs.

OCR wrote that it wanted to “better understand the interests of individuals with respect to learning of such disclosures, the administrative burden on covered entities and business associates of accounting for such disclosures, and other information that may inform [our] rulemaking in this area.”

Current law exempts disclosures to carry out treatment, payment and healthcare operations. But HITECH changed that, allowing patients to request these types of disclosures through an EHR.


  1. Frank Ruelas says:

    This proposed rule is going to be very helpful in many aspects. Some general observations on Day 1 of its release include:
    – Several good examples of non designated record set documents
    – An example of an access report and its content
    – clarification of terms
    – interesting insight on the rationale on some of the reqts.

    The funny thing is that I suspect the time and resources that CEs will deploy to review and respond to these will greatly outnumber the scale of requested accounting of disclosures.

    We’ll see…


Leave a Reply