March 24th, 2009

 According to new legislation, physicians now will be required to track any disclosure of a patient’s medical information. Previous regulations allowed physicians to disclose patient information for the purpose of treatment, payment or health care operations, but they were not required to track when that information was disclosed. 

However, this should be easy to manage for physicians who use an electronic health record as hopefully EHR vendors will provide such a functionality out-of-the-box to track every time patient information is disclosed.
In addition, the legislation requires practices to post information about security breaches if a breach affects 10 or more patients and must notify all of their patients, a local media outlet, and the HHS secretary if the breach affects 500 or more patients.

