Skip to content
What is a HIPAA Accounting?Compliancy Group2021-08-09T17:12:35-04:00 What is a HIPAA Accounting? Show
Under the HIPAA Privacy Rule, an individual, under certain circumstances, has the right to receive an accounting of disclosures — HIPAA Accounting — of that individual’s protected health information (PHI) made by a covered entity in the last six years prior to the date on which the account is requested. What Information Must be Included in a HIPAA Accounting?The HIPAA Privacy Rule requires certain information to be included in a HIPAA accounting made by a covered entity. This information must include disclosures of protected health information that occurred during the six years prior to the date of the request of the accounting. The accounting must include disclosures to or by business associates of the covered entity. An individual may request a HIPAA accounting of disclosures of PHI for a period of time less than six years from the date of the request. If such request is made, the accounting must include disclosures of PHI that occurred during this shorter time period. Generally, the HIPAA accounting of disclosures of PHI must include, for each disclosure:
By When Must the HIPAA Accounting be Provided?The covered entity must provide the requested accounting no later than 60 days after receipt of such a request. If the covered entity is unable to provide the accounting within the 60 days, the covered entity may extend the time to provide the accounting for up to an additional 30 days, provided that:
Can a Covered Entity Charge a Fee for a HIPAA Accounting?Under the HIPAA Privacy Rule, the covered entity must provide the first accounting to an individual in any 12 month period without charge. The covered entity may charge a reasonable, cost-based fee (i.e., a fee based on costs incurred by the covered entity with respect to responding to the accounting) for each subsequent request for an accounting by the same individual within the 12 month period, provided that:
When is a Covered Entity Not Required to Provide a HIPAA Accounting?The HIPAA Privacy Rule requires certain information to be included in a HIPAA accounting made by a covered entity. This information must include disclosures of protected health information that occurred during the six years prior to the date of the request of the accounting. The accounting must include disclosures to or by business associates of the covered entity. The individual has the right to a HIPAA accounting except for disclosures that are made:
Learn How Simple Compliance Can BeWith HIPAA Compliance SoftwareHIPAA Compliancewith Compliancy GroupPage load linkImportant HIPAA Deadline: December 31st, Required Assessment Due How long does a covered entity have to provide an individual with an accounting of disclosures of PHI?The covered entity must provide the requested accounting no later than 60 days after receipt of such a request.
For what period of time may an individual request an accounting of the disclosures of his or her PHI made by a covered entity?(3) An individual may request an accounting of disclosures for a period of time less than six years from the date of the request.
How many days does an entity have to respond to an amendment request?The covered entity must act timely, usually within 60 days, to correct the record as requested by the individual or to notify the individual the request is denied.
How long must any disclosure of TPO be tracked?The accounting must include all covered disclosures in the six years prior to the date of the person's request.
|