Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!
    Email Address:
We never sell or give out your contact information. We respect our readers' privacy.

October 2, 2009

ARRA Accounting for Disclosures

Written by:
Filed under: add to del.icio.us


I’ve been reading some things about ARRA’s changes to HIPAA. I’ve heard a number of times the phrase that “ARRA has now given teeth to HIPAA.” I’ve also heard grumblings about a change in the HIPAA requirement that an EMR account for disclosures. I’ve been trying to get a number of experts on HIPAA to do a guest post on these various changes with no success, but I’ll keep trying.

However, I recently heard that the accounting for disclosures is even more stringent than I had thought about before. From what I’ve heard, the law will now require that you are storing and able to report on the disclosure of a patients health information to both internal and external sources. The external sources is something that we’ve done forever and is really not a problem. The challenge is accounting for the internal disclosure of the HIPAA information. Not to mention displaying that information in a nice report.

Let’s say for example, a nurse pulls up a list of patients during a search for a patient by last name. Does the EMR need to know all of the people that were in that list that could have been seen by the nurse? Do you need to audit how long the nurse had that list open? I’m sure there are more situations like this that seem to be required by the new HIPAA laws.

I actually saw a demo of a hospital EMR that recorded this type of granular auditing. I have a feeling many EMR software aren’t even close to this type of tracking.

I’m also reminded of my post talking about the number of users who legitimately access a patient’s chart. In that post I talk about the number of people who can mess up the chart. Now let’s think about the audit logs that will be required for all of those people who are accessing each granular part of a patient’s record.

I’d love to hear people’s thoughts on this subject and any clarifications on things I’m misunderstanding. No doubt we’re going to hear more about this in the future.

Related Articles
  • How Many Will Actually Collect ARRA EMR Stimulus Money?
  • ARRA Q&A: When will you get the EMR stimulus checks?
  • Closed Door Decision Making for ARRA and HITECH
  • Problems with ARRA EMR Stimulus Money
  • ARRA versus HITECH Rant

  • » EMR and HIPAA Sponsors
    • Get the Free EMR and HIPAA Email Newsletter:
    Email Address:
    Tags:

    Look for similar articles under these categories: 

    5 responses to "ARRA Accounting for Disclosures"

    1. # CEOmike commented on October 2nd, 2009:

      You are right many EMRs do not have ANY internal tracking. Medscribbler records every action of open, read, print, alter etc of every part: progress note, Rx-ing etc according to every logged on user with time and date. Not perfect but MOST EMRs for primary care have very little or nothing.

    2. # Jill N commented on October 8th, 2009:

      While I agree that there is a strong need for HIPAA laws to protect patient information, it sounds as if ARRA may be going a bit overboard. How will health care professionals ever be able to effectively and efficiently do their jobs if they have to think about every time they access patient records? Wow…

    3. # John commented on October 8th, 2009:

      Jill,
      I don’t think that health care professionals will have to think every time they open it. The EMR will take care of all the tracking and it should be able to say that you opened it and within a few seconds closed it. So, no one will ask questions there. However, the price to monitor and report on all of this stuff is expensive to build into an EMR and so that price will be passed on to the healthcare professionals.

    4. # Ryan commented on November 9th, 2010:

      My question is will the government have the right to access or request audit logs from doctors using EMR?

    5. # John commented on November 9th, 2010:

      Ryan,
      I’m not a lawyer, so don’t take what I say as legal advice. However, it seems quite clear that there will be times when doctors will have to provide audit logs from their EMR system. That seems pretty much inevitable for me. I expect there will be a whole industry of expert witness testimony on EMR software. That last part is just my guess.

    Leave a Reply
    Commenting policy: Some comments run the risk of being deleted. These include comments that are spam or cannot be understood or are rude.
    You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

    Notify me of followup comments via e-mail. You can also subscribe without commenting.



    • Top - Home