Chiropractic Billing Service and Practice Mgmt Software - All-in-One Profitability Solution by Billing Precision, LLC.

Accounting for Disclosures in Electronic Health Records Could Be a Time Bomb Waiting for HIPAA Covered Entities

Published: 2009-06-18 14:03:10
Author: Eve Collins | Atlantic Information Services, Inc. | May 18, 2009

Covered entities (CEs) are stemming their panic for now regarding the new accounting for disclosures requirements for electronic health records (EHRs) that were part of the HITECH Act, at least until they see guidance from HHS, which is due in August, consultants and privacy officials tell RPP.

The new accounting of disclosures requirements for EHRs under the HITECH Act dictates that providers log all disclosures made through EHRs — including those made for treatment, payment and health care purposes — and report them to patients when requested. Formerly, HIPAA required that providers log when protected health information (PHI) is disclosed for purposes other than treatment, payment or health care operations.

The new requirements are a ticking time bomb for covered entities mainly because so much has yet to be defined, says Frank Ruelas, privacy and compliance trainer for CEs. "So many people are reading the [provisions], which are saying 'You must do X, Y and Z — and by the way, we'll let you know what X, Y and Z are later,'" he contends.

"Accounting of disclosures for EHRs is really up in air because before anyone can comply, we have to know what they want….The upside is that they're built on the HIPAA foundation, so one nice thing is that this is not the first-time exposure to these terms. There might be twists and turns on some things, but at least we have a solid foundation," he says.

"How rapidly HHS defines what the requirements are going to be is likely the biggest issue," agrees Chris Apgar, president of Apgar and Associates. But a lot is going to depend on how rapidly vendors respond, he adds. "I'm telling clients not to do anything right now. You don't want to purchase an EHR a vendor claims to be compliant or do any custom programming until HHS has defined the criteria. Until we know that, vendors can't program for it. If HHS takes its time and doesn't issue [guidance] for a significant period of time, that puts the vendors and CEs in an untenable position because they will have a difficult time programming EHRs to meet the new requirements."

Full story