WASHINGTON (Reuters) - Patients could obtain a list of everyone who has accessed their electronic medical record under a rule proposed on Tuesday by the Department of Health and Human Services.
Healthcare providers must currently keep track of everyone who accesses private medical records, but they do not have to provide that information to patients.
“We need to protect people’s rights so that they know how their health information has been used or disclosed,” said Georgina Verdugo, director of the HHS Office for Civil Rights, which is proposing the changes, in a statement.
Under the rule, patients would be able to request an access report, which would document the identities of those who electronically viewed their protected health information.
The new rule would add to regulations already in place under the Health Insurance Portability and Accountability Act (HIPAA), which protects patient privacy and sets security standards for electronic health records.
“This proposed rule represents an important step in our continued efforts to promote accountability across the health care system, ensuring that providers properly safeguard private health information,” Verdugo said.
The move is the latest in a broader effort by the Obama administration to update and streamline the medical records system in the United States.
The changes are authorized under the HITECT act, a measure that was part of the 2009 stimulus package to encourage doctors and hospitals to adopt electronic health records.
Last year, the HHS said any companies, doctors or hospitals that disclose private health information could face fines of up to $50,000 per violation.
The health agency will take comments on the proposed rule until August 1.
Reporting by Anna Yukhananov; editing by Matthew Lewis