Confidentiality, Privacy and Security

Accounting of Disclosures and Breach Notifications

  • 1.  Accounting of Disclosures and Breach Notifications

    Posted 07-08-2020 05:30
    Yesterday I received almost a dozen emails asking a very similar question (BIG THANK YOU to those who contacted me!) regarding the following.  So I figured there may be others that may find this clarification useful.

    It appears there are some that are under the impression that if a patient receives a breach notification letter resulting from an impermissible disclosure, then that impermissible disclosure need not appear on an Accounting of Disclosures if the affected patient should request a copy.

    This is not consistent with the requirements.  I think where some people may be getting confused is that proposed changes to the Privacy Rules introduced in 2011 suggested such a change to the requirements related to the Accounting of Disclosures, but these proposed changes never went anywhere and are still pending...nine years and counting...and at last report OCR had no intention of making any of the proposed changes.

    Some folks may remember, this was also when the infamous "Access Report" was introduced...but also has since gone nowhere as well.

    Hope this helps.

    Frank Ruelas
    Compliance Professional