In my experience, hospitals typically don't add any kind of PHI access logging to their Data Repository reports. This seems like a gap in PHI monitoring. It may be true that HIPAA provides an exemption from “disclosure reporting” for access to PHI for treatment, billing, or government reporting. However, protection of PHI should involve monitoring of access, and if you do not have any monitoring in place in your MEDITECH DR reports, you may have a gap in your patient privacy monitoring.
