Jeff,
The reference is not in the Security Rule ... it's in the Privacy Rule.
"§ 164.528 Accounting of disclosures of protected health information.
(a) Standard: Right to an accounting of disclosures of protected health
information. (1) An individual has a right to receive an accounting of
disclosures of protected health information made by a covered entity in
the six years prior to the date on which the accounting is requested,
except for disclosures?"
Marsha
Verizon Information Technologies
Managed Care Division
Phoenix, AZ
Home of the Back To Back NL West Champion ARIZONA DIAMONDBACKS
Phone - 602.678.6042
Fax - 602.678.6331
E-mail - [EMAIL PROTECTED]
Verizon Information Technologies offers a broad range of IT solutions and
in-depth healthcare business expertise to the healthcare industry: Payer
processing systems, secure data center, outsourcing services and HIPAA
consulting to name a few. Visit us online at www.VerizonIT.com to learn
how you can take advantage of one of the world's most advanced IT
infrastructures.
Confidentiality Notice: This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.
"KERBER, JEFF"
<[EMAIL PROTECTED] To: "WEDI SNIP Security
Workgroup List" <[EMAIL PROTECTED]>
> cc:
Subject: RE: Acceptable time-frames to
keep Audit logs
07/22/2003 11:14
AM
Please respond to
"KERBER, JEFF"
Where in the security rules do you see a 6 year mandate for audit logs?
-----Original Message-----
From: Price, Carolyn [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 12:39 PM
To: WEDI SNIP Security Workgroup List
Subject: RE: Acceptable time-frames to keep Audit logs
HIPAA mandates 6 years. However, state laws vary, and if your state law
requires a retention period that is longer than the HIPAA mandate, the
state
law rules.
Carolyn Price
-----Original Message-----
From: Pat Cupo [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 10:25 AM
To: WEDI SNIP Security Workgroup List
Subject: Acceptable time-frames to keep Audit logs
We are currently developing policies & procedures for Audit & System
Change Controls. Does anyone have an idea as to how long these Audit
logs must be kept?
Patrick J. Cupo
Senior Systems Coordinator
Abington Memorial Hospital
(215) 481-5606
[EMAIL PROTECTED]
"We Provide Very Good Care"
****************** CONFIDENTIALITY NOTICE **********************
This e-mail contains LEGALLY PRIVILEGED AND CONFIDENTIAL INFORMATION
intended only for the use of the recipient named above. If you are not
the intended recipient, you are hereby notified that any dissemination or
copying of this e-mail is strictly prohibited. If you have received this
e-mail in error, please notify the transmitting hospital by telephone or
e-mail and delete the original e-mail received in error.
THIS INFORMATION HAS BEEN DISCLOSED TO YOU FROM RECORDS WHOSE
CONFIDENTIALITY IS PROTECTED BY STATE AND FEDERAL LAW. ANY FURTHER
DISCLOSURE, COPYING, DISTRIBUTION OR ACTION TAKEN IN RELIANCE ON THE
CONTENTS OF THESE DOCUMENTS WITHOUT THE PRIOR WRITTEN CONSENT OF THE
PERSON TO WHOM IT PERTAINS IS PROHIBITED. YOU ARE REQUIRED TO DESTROY
THE INFORMATION AFTER THE STATED NEED HAS BEEN FULFILLED.
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the
individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion,
post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services. They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-security as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same
as
the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the
individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion,
post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services. They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-security as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same
as
the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org
"This electronic message may contain information that is confidential
and/or
legally privileged. It is intended only for the use of the individual(s)
and entity named as recipients in the message. If you are not an intended
recipient of the message, please notify the sender immediately and delete
the material from any computer. Do not deliver, distribute, or copy this
message, and do not disclose its contents or take action in reliance on the
information it contains. Thank you."
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the
individual participants, and do not necessarily represent the views of the
WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official
opinion, post your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services. They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-security as:
[EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same
as the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions
on this listserv therefore represent the views of the individual participants, and do
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If
you wish to receive an official opinion, post your question to the WEDI SNIP Issues
Database at http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and services.
They also are not intended to be used as a forum for personal disagreements or
unprofessional communication at any time.
You are currently subscribed to wedi-security as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the
address subscribed to the list, please use the Subscribe/Unsubscribe form at
http://subscribe.wedi.org
