In: Accounting
Within the VA, we are required to keep an accounting of disclosure, which tracks the information we release to patients and other third parties. Generally, our release of information software keeps the accounting without any additional steps or actions taken by our release of information clerks. The process, however, is different for other individuals in the facility who might be releasing; such as social working, patient advocate, infectious disease, etc. Their process is generally a manual one, in which, they keep track of who they send information to. What type of information should an organization be keeping track of when they disclose information?
An individual has a right to receive an accounting of disclosures (but not uses) of protected health
information made by a covered entity in the six years prior to the date on which the accounting is
requested. The following types of disclosures are expressly not required to be included in the
accounting:
• Disclosures to carry out treatment, payment and health care operations (whether for your
organization or for another provider or covered entity as permitted under the regulations;
• Disclosures made pursuant to an authorization;
• Disclosures made to the individual;
• Disclosures for the facility’s directory or to persons involved in the individual’s care or
other notification purposes;
• Disclosures that are incidental to an otherwise permitted use or disclosure;
• Disclosures that are part of a limited data set;
• Disclosures for national security or intelligence purposes;
• Disclosures to correctional institutions or law enforcement officials; or
• Disclosures that occurred prior to the compliance date of the regulations- April 14, 2003.
The accounting must include disclosures of protected health information that occurred during the
six years (or such shorter time period at the request of the individual) prior to the date of the
request for an accounting (but not before the compliance date), including disclosures to or by
business associates of the covered entity. The accounting must include for each accountable
disclosure:
• The date of the disclosure;
• The name of the entity or person who received the protected health information and, if
known, the address of such entity or person;
• A brief description of the protected health information disclosed; and
A brief statement of the purpose of the disclosure that reasonably informs the individual of the
basis for the disclosure; or, in lieu of such statement, a copy of the written request for a
disclosure.