Introduction

Accounting of Disclosures is a crucial aspect of protecting individuals' health information and ensuring transparency in the healthcare system. In this blog post, we will explore the definition and importance of Accounting of Disclosures, as well as address frequently asked questions surrounding this topic.

Defining Accounting of Disclosures

The term 'Accounting of Disclosures' refers to the process of documenting and providing individuals with a comprehensive list of instances in which their health information has been disclosed for purposes other than treatment, payment, healthcare operations, and certain other activities. This list typically covers a specific timeframe, usually the last 6 years.

Legal Basis: HIPAA Privacy Rule

The requirement for Accounting of Disclosures is rooted in the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, specifically outlined in 45 CFR § 164.528. This rule mandates covered entities, such as healthcare providers, health plans, and healthcare clearinghouses, to maintain an accurate record of disclosures and make them available to individuals upon request.

Understanding the FAQs

Let's address some common questions related to Accounting of Disclosures:

1. Are covered entities required to document incidental disclosures in an accounting of disclosures?

Incidental disclosures, which are unintentional or unavoidable disclosures, do not need to be documented in an accounting of disclosures. However, covered entities should still strive to minimize incidental disclosures and implement appropriate safeguards.

2. Does HIPAA require business associates to provide individuals with access to their information?

Yes, HIPAA requires business associates, who handle protected health information (PHI) on behalf of covered entities, to provide individuals with access to their information. This includes providing an accounting of disclosures if requested by the individual.

3. Does the HIPAA Privacy Rule require that covered entities document all oral communications?

No, the HIPAA Privacy Rule does not explicitly require covered entities to document all oral communications. However, covered entities should maintain policies and procedures to ensure the appropriate use and disclosure of PHI, including oral communications.

4. Does a covered entity have to document each medical record that may be accessed by a public health authority?

No, a covered entity is not required to document each medical record that may be accessed by a public health authority. The accounting of disclosures should focus on instances where PHI is disclosed outside of authorized entities and purposes.

5. How can a covered entity account for the date of access if it is not known for certain?

If the exact date of access is not known, the covered entity should make a reasonable effort to provide an estimated date or a range of dates in the accounting of disclosures. Transparency and accuracy are key principles in this process.

6. Must a covered entity provide an accounting for disclosures if the only information disclosed is a limited data set?

No, if the only information disclosed is a limited data set, which excludes certain direct identifiers, the covered entity is not required to provide an accounting of disclosures. However, they should still maintain appropriate records of limited data set disclosures.

7. May a covered entity hire a business associate to create a limited data set?

Yes, a covered entity may hire a business associate to create a limited data set on its behalf. However, the business associate must enter into a written agreement with the covered entity, outlining the responsibilities and obligations regarding the limited data set.

8. When must a covered entity account for disclosures of PHI made during the course of litigation?

A covered entity must account for disclosures of PHI made during the course of litigation if the individual requests an accounting. This includes disclosures to attorneys, courts, and other parties involved in the legal proceedings.

Additional Considerations

While the FAQs provide a comprehensive understanding of Accounting of Disclosures, it is important to note that there may be additional factors and nuances specific to individual cases and jurisdictions. Consulting legal experts and familiarizing oneself with relevant laws and regulations is crucial for accurate implementation.

Conclusion

Accounting of Disclosures is a fundamental right that empowers individuals to have control over their health information. By providing a comprehensive list of instances in which their information has been disclosed, individuals can ensure transparency and hold covered entities accountable. Understanding the definition and requirements of Accounting of Disclosures is essential for both individuals and healthcare organizations to protect privacy and maintain trust in the healthcare system.