“We need to protect people’s rights so that they know how their health information has been used or disclosed,” said an HHS official.
Under the rule, patients would be able to request an access report, which would document the identities of those who electronically viewed their protected health information.
The new rule would add to regulations already in place under the Health Insurance Portability and Accountability Act (HIPAA), which protects patient privacy and sets security standards for electronic health records.
"This proposed rule represents an important step in our continued efforts to promote accountability across the health care system, ensuring that providers properly safeguard private health information," Verdugo said.
The move is the latest in a broader effort by the Obama administration to update and streamline the medical records system in the United States.
The changes are authorized under the HITECT act, a measure that was part of the 2009 stimulus package to encourage doctors and hospitals to adopt electronic health records.
Last year, the HHS said any companies, doctors or hospitals that disclose private health information could face fines of up to $50,000 per violation.
The health agency will take comments on the proposed rule until August 1.