HIPAA). The biggest concern expressed toward Obama's implementation of HITECH is the question of the security of private patient medical data. In portable electronic form, it's a little more vulnerable than in bulky paper folder form. Already since 2009, 278 records of HIPAA breaches affecting 500 or more individuals have been posted. The violations listed have occurred in the form of loss (of a disk or laptop), theft of property, system hacking or unauthorized access to the private records. In response to these violations, the Department of Health and Human Services (HHS) has proposed a new privacy rule that would permit patients to request a list of people who have electronically viewed their private HIPAA-protected medical records.
The proposed privacy rule's purpose is to protect the patient's rights and let them see how their health data has been used or disclosed. Patients will be able to request an access report from their physician that states each individual who has viewed or accessed their medical records via the EHR system. HIPAA already has a rule that requires health care providers to track who is looking at the patients' files, but it does not require them to share that information.
The passing of this new rule could mean increased business for EMR technology vendors. It provides them the incentive to design a tracker into their system and re-market it as a major selling point to comply with the new rule. Adding a patient record access tracker in EMR software would allow reports to be easily made. If the rule passes, it will become effective on January 1st, 2013.