The College of Healthcare Information Management Executives (CHIME) has expressed its opposition to a proposed HIPAA privacy rule change that would enable patients to access reports of their electronic medical record.
In a letter dated July 21 to Georgina Verdugo, director of the U.S. Department of Health and Human Services' Office for Civil Rights, the organization said that the proposed changes would establish standards that would be difficult for providers to meet.
The proposed rule enabling patients to request a report that identifies people who have electronically viewed their health records relies too much on technical capabilities that are not yet widely available, the letter also stated. In addition, CHIME expressed concern that the rule fails to acknowledge the amount of work needed for a healthcare organization to achieve compliance.
"Designated record sets (DRSs) remain too broadly defined and too variable in today's health IT environment," wrote Richard Correll, CHIME president and CEO, and Lynn Vogel, CHIME board chairman. "Moreover, the ability to aggregate hundreds or even thousands of access events in any automated fashion is not realistic for most covered entities, never mind across covered entities and their numerous business associates."
The 2002 HIPAA privacy rule defined a DRS as the medical record and billing record about individuals maintained by or for the provider, as well as any other group of records that are used to make decisions about individuals. If access reports are included in the new rules, CHIME believes that only data gathered through certified electronic health records should be expected to populate such reports, rather than the full array of designated record sets.
A copy of the letter, which includes other recommendations, can be accessed here.
