The Department of Health and Human Services has issued a request for information as it prepares a rule covering the accounting of disclosures of protected health information under the HITECH Act.

The act amends the HIPAA privacy rule to require covered entities to account for disclosures of electronic PHI to carry out treatment, payment and health care operations. "This document is a request for information with respect to learning of such disclosures, the administrative burden on covered entities and business associates of accounting for such disclosures, and other information that may inform the department's rulemaking in this area," according to a RFI published May 3 in the Federal Register.

The HITECH mandate eliminates the current HIPAA privacy rule exemption for disclosures through an electronic health record. Under HITECH, an individual has a right to receive an accounting of such disclosures for a period of three years prior to the request.

The RFI includes nine specific questions, several with multiple segments, on which HHS requests industry input. Comments are due on or before May 18. The RFI is available at

--Joseph Goedert


Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access