Teri -- You are overstating the accounting for disclosures requirenment.
Under the modified final rule, the only disclosures that are subject to
the accounting for disclosure under  164.528 are most post-4/14/03 (but
not all) disclosures that are made without an authorization under 
164.512 (e.g., disclosures to public health authorities, law enforcement
authorities, and health oversight agencies, disclosures required by law,
decedent related disclosures) and the covered entity's (or its business
associate's) erroneous disclosures. Consequently, for example,
disclosures to the individual or the individual's personal
representative or to family members under  164.510(b) are not
accountable under  164.528. 

The Privacy Rule includes a requirement to maintain copies of
authorizations for six years from its creation or it last effective date
whichever is later (164.508(b)(6), 164.530(j)), and I am not
discouraging the tracking of disclosure as a safeguard measure. However,
the accounting for disclosures at this point really is quite limited to
special situations that should be handled in a centralized manner. I
have copied the relevant text of  164.528 below.  
Best regards, Dave Ermer

 164.528 Accounting of disclosures of
protected health information.
(a) Standard: right to an accounting of
disclosures of protected health information.
(1) An individual has a right to receive an
accounting of disclosures of protected health
information made by a covered entity in the
six years prior to the date on which the
accounting is requested, except for
disclosures:
(i) To carry out treatment, payment and
health care operations as provided in 
164.506;
(ii) To individuals of protected health
information about them as provided in 
164.502;
(iii) Incident to a use or disclosure
otherwise permitted or required by this
subpart, as provided in  164.502;
(iv) Pursuant to an authorization as
provided in  164.508;
(v) For the facility's directory or to
persons involved in the individual's care or
other notification purposes as provided in 
164.510;
(vi) For national security or intelligence
purposes as provided in  164.512(k)(2);
(vii) To correctional institutions or law
enforcement officials as provided in 
164.512(k)(5);
(viii) As part of a limited data set in
accordance with  164.514(e); or
(ix) That occurred prior to the
compliance date for the covered entity.



Gordon & Barnett
1133 21st St., NW, Suite 450
Washington, DC 20036
202-833-3400 ext 3009 (voice)
202-223-0120 (fax)
www.gordon-barnett.com
>>> "Teri Baskett" <[EMAIL PROTECTED]> 02/17/03 13:07 PM >>>
I hate to weigh in here one more time, but my understanding what that we
have to provide the pt/client an accounting of all disclosures that were
not specifically covered by an authorization (initially, it was
interpreted that those had to be logged and tracked also, but that was
amended in the final regs, since the argument was made that the pt would
have knowledge of disclosures s/he had authorized in writing).  I know
another gentleman on this thread last week indicated that he planned to
track those also, just to keep the disclosure log complete and to
simplify the procedures for HIM staff; however, I do believe that
authorized disclosures are not required to be tracked.

So, our disclosure log must contain a record of all disclosures not
covered by a written authorization and those that are not a part of
treatment, payment and healthcare operations.  Regardless of everything
we list in the NPP (and it should list all these as possibilities), we
have to track these and record them, providing them for a pt when
requested.

Have I confused different parts of the regs in this interpretation?

Teri Baskett, CISO
LifeSpring Mental Health Services
[EMAIL PROTECTED]



---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the
individual participants, and do not necessarily represent the views of
the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an
official opinion, post your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.   These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products
and services.  They also are not intended to be used as a forum for
personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as:
[EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the
same as the address subscribed to the list, please use the
Subscribe/Unsubscribe form at http://subscribe.wedi.org


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to 
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

Reply via email to