Stream: implementers
Topic: history depth
Lital Inghel (Mar 10 2022 at 14:01):
is there a regulatory requirement as to history depth for the patient data requested?
Daniel Venton (Mar 10 2022 at 14:40):
As far as I know and IANAL, HIPAA requires you to maintain an audit of every change made to a clinical resource.
I have not seen any regulatory requirement (In the US, applying to Payers) that version history is required to be made available. If there is one I would expect it to say full history. You could probably, IANAL, that patient access api requires data back to 2016-01-01 so any history before that date would be excluded. If Patient Access API required history of resources at all.
This is a technical forum, as with any "what does regulation require me to do?" questions, consult the lawyer that is going to have to represent you in front of said regulatory agency. In my case, I work for a payer in the US. I can't speak to what AU might require you to do, and likely neither could my company's US lawyers.
Last updated: Apr 12 2022 at 19:14 UTC
