Quantcast
Channel: HealthITSecurity.com » HIE Security
Viewing all articles
Browse latest Browse all 142

Tiger Teams seeks to conclude accounting of disclosures talks

$
0
0

The HIT Policy Committee Privacy & Security Tiger Team is working toward final recommendations for updating requirements related to accounting of disclosures of protected health information (PHI). In its recent November 5 meeting, the Tiger Team continued its discussion on whether EHRs are capable of handling accounting of disclosure proposals and forming access reports that would be readable for patients.

The testimony at its September Virtual Hearing ranged in opinion on whether the technology would be successful. For example, Jutta Williams, Director, Corporate Compliance Privacy Office at Intermountain Healthcare, described some of the limitations in Intermountain’s disclosure capabilities.

For the disclosures that use database queries, analysts must manually prepare and deliver spreadsheets to the privacy office. For some CMS reporting not related to direct payment, for example, our Quality department manually prepares and delivers a spreadsheet each quarter that includes all patient record data delivered to meet quality measure reporting requirements.

Though the Tiger Team said it understands the importance of transparency, it expressed concerns regarding the feasibility and value of access reports for patients. During the recent meeting, it came up with a few potential recommendations and questions surrounding those proposals. In addition to reviewing model notice of privacy practices (NPPs), the team asked whether it needed to review anything else. Additionally, regardless of whether the disclosure was “reportable” per HITECH, the Tiger Team is discussing the idea of “reinforcing the right of an individual to an investigation of any inappropriate access.”

Additional recommendations included:

- Consider implementing the HITECH requirements in a step wise fashion, starting with provider EHRs (Ex: Certified Electronic Health Record Technology (CEHRT) standards)

- Adopt a “less is more” philosophy, referring to (1) scope of disclosures to be reported to patients (more narrow than the current definition), and (2) details about those disclosures (what is most pertinent – not overwhelming and not posing a potential safety risk to EMR users).

- Disclosure report specifics: Would there be a date of disclosure, type of information disclosed (if possible), and name of organization or entity receiving the information? What about names?

- Would these pilots be use cases in determining future EHR certification stages and then the government could deviate plans based on patient interest down the road?

- How do business associates (BAs) fit in?

The Tiger Team said it would like to conclude disclosure discussion by November 18 and present final recommendations to the HIT Policy Committee in December for Office of the National Coordinator for Health IT (ONC) review.


Viewing all articles
Browse latest Browse all 142

Trending Articles