The HHS Office of Civil Rights (OCR) announced that the Health Information Technology (HIT) Policy Committee’s Privacy and Security Tiger Team will hold a virtual, public hearing on Monday, September 30 from 11:45 a.m. to 5:00 p.m. EDT to discuss approaches for providing patients with greater transparency about the uses and disclosures of their electronic protected health information (PHI). The hearing is also intended to address the HIPAA Privacy Rule “accounting of disclosures” requirement.
The Privacy Rule provides an individual with the right to receive an accounting of disclosures of the individual’s PHI by the covered entity to others, except for disclosures made to carry out treatment, payment, and health care operations.
Proposed rules were issued in 2011 to implement the HITECH requirement that covered entities and business associates account for disclosures of PHI made to carry out treatment, payment, and health care operations, if such disclosures are made through an electronic health record. Notably, this requirement was not addressed by the Omnibus Rule, but according to OCR, the proposed rules are still under consideration. The hearing may facilitate the preparation of final rules.
The proposed accounting rules were not well-received by many covered entities and business associates, as they would create significant new challenges, including enhanced tracking requirements. The hearing demonstrates that OCR is considering the proposed rules and trying to find reasonable ways to implement them.
Individuals may listen to the hearing by clicking here. Members of the public may submit questions prior to the hearing online here. The hearing will include time for public comments from 4:45 to 5:00 p.m. EDT.