This article discusses a HITECH Act compliance ticking time bomb known as "Accounting of Disclosures" of PHI and that we prefer to call "Accounting for Disclosures" of PHI or "A4D" for short. Specifically, this article focuses on the "As Is" state of A4D as embodied in Privacy Rule section 164.528 and the implications of HITECH Act section 13405(c) on HHS' proposed A4D rule. HHS' proposed rule has been hotly debated and is long past due in its final form.
This webinar will review the "As Is" state of "Accounting for Disclosures" and how the HITECH Act modified it. It will also review the implications of HHS' Proposed Accounting Rule, which has been widely debated.
The ONC is proposing to add more tools to its privacy and security toolbox in order to make risk assessments easier to understand for small practices. In short, they appear to be adopting an IT mindset that says "we have to cater to our users."
What ONC doesn't get is that it's NOT that small practices don't understand risk assessments, rather it's that they DON'T want to do them. Clinicians up and down the healthcare pecking order are some of our "best and brightest." If ONC continues to treat them as "dumb users" then that is the behavior they will continue to get.
There are plenty of tools and templates in the marketplace. What small practices need to understand is that there will be consequences if they ignore the law. AND ONC does them no favors by taking this "feel good" approach and treating them like children!
That won't stop the fines that result from a major breach (e.g. another lost laptop, phone, etc.) and it won't stop the class action lawsuit that is sure to follow. When the inevitable ocurrs yet again, OCR will be forced to "whack" an unsuspecting practice, probably for "willful neglect," despite the fact that this is the behavior that they are encouraging.
Apparently, in the age of cyberwarfare, the ONC still doesn't recognize that the world has changed and that "This Ain't Your Daddy's HIPAA Anymore!"