Kelly Kennedy reports:
A proposed federal rule would require hospitals, doctors’ offices and health insurers to tell patients of anyone who has accessed their electronic medical records, if requested.
Under the rule proposed by the Department of Health and Human Services (HHS), health-care-related businesses must list everyone in their firms — from doctors to data-entry clerks — who has accessed a patient’s electronic records and when.
Read more on USA Today.
I doubt most people would ever make that kind of request but it’s an interesting proposed rule that may have a significant benefit overall: it may ensure that covered entities are really logging access to patient records. Hopefully, they’ll also go on to audit the access logs. While many covered entities already do that, not all do, even though it’s an important element of security and privacy protection.