Understanding the Accounting of Disclosures Form in HIPAA

Introduction

The accounting of disclosures form is an essential aspect of the Health Insurance Portability and Accountability Act (HIPAA). This form ensures transparency and accountability in the handling of protected health information (PHI) by covered entities and business associates.

What is an Accounting of Disclosures?

An accounting of disclosures is a record that documents the instances where PHI has been disclosed by a covered entity or business associate. It provides individuals with information about who has accessed their health information and for what purpose.

Requirements for Documenting Incidental Disclosures

One frequently asked question is whether covered entities are required to document incidental disclosures in an accounting of disclosures. According to HIPAA, incidental disclosures that occur as a byproduct of an otherwise permissible use or disclosure do not need to be documented.

Access to Personal Information by Business Associates

Another common concern is whether HIPAA requires business associates to provide individuals with access to their own information. The answer is yes, business associates must provide individuals with access to their PHI in accordance with the HIPAA Privacy Rule.

Documenting Oral Communications

The HIPAA Privacy Rule does not explicitly require covered entities to document all oral communications. However, it is advisable for covered entities to maintain a written record of oral communications involving the disclosure of PHI to ensure accuracy and accountability.

Documenting Medical Records Accessed by Public Health Authorities

Covered entities are not required to document each medical record that may be accessed by a public health authority. Instead, they should maintain a general record of the types of information disclosed to public health authorities for public health activities.

Accounting for the Date of Access

When the exact date of access to PHI is not known for certain, covered entities can account for the date of access by providing an approximate date or a range of dates. This allows for a reasonable level of accuracy in the accounting of disclosures.

Accounting for Limited Data Set Disclosures

In cases where the only information disclosed is a limited data set, covered entities must still provide an accounting for such disclosures. A limited data set contains PHI with certain direct identifiers removed, but it can still be used to identify an individual.

Hiring Business Associates for Limited Data Sets

Covered entities may hire a business associate to create a limited data set as long as the business associate complies with the HIPAA Privacy Rule and signs a business associate agreement. This allows covered entities to disclose a limited data set without requiring an individual's authorization.

Accounting for PHI Disclosures in Litigation

A covered entity must account for disclosures of PHI made during the course of litigation. This includes disclosures made as part of legal proceedings or in response to a court order. The accounting of disclosures ensures transparency and accountability in the legal handling of PHI.

Conclusion

The accounting of disclosures form plays a crucial role in ensuring transparency and accountability in the handling of PHI. Covered entities and business associates must comply with the requirements set forth by HIPAA to provide individuals with an accurate record of who has accessed their health information. By understanding the accounting of disclosures form, individuals can have greater control over their personal health information.