Key Facts About HIPAA Compliance – What You Need to Know – Part 1

by Alex Hirsch (SU)

Individuals’ Rights Under HIPAA to Access Their Health Information

Recently, Roger Severino, Director of the Office for Civil Rights (OCR), spoke at the 28th Annual HIPAA Summit in Washington, D.C. He announced the possibility of compliance reviews in the wake of numerous complaints about Covered Entities not complying with specific requirements for an individual’s right to access their own health information.

To further that point, OCR partnered with the HHS Office of the National Coordinator for Health Information Technology to create fact sheets and videos to inform patients about their rights under HIPAA.

What Are Some of Those Rights?

If you are a Covered Entity, you must know, understand, and comply with these patient rights:

  • Under the Privacy Rule, Covered Entities must usually provide a person with their own protected health information (PHI) if they request this information. (Exceptions are explained in the Privacy Rule.) The PHI would be located in one of the Covered Entity’s “designated record sets” for that person.
  • This rule also gives the requesting person the right to view and/or acquire a copy of their own PHI. The Covered Entity must also provide a copy of the person’s PHI to an outside person or entity of the person’s own choosing.
  • The Covered Entity is required to give access to this information in whole or in part as requested. (Certain types of access to a person’s PHI can be declined, as explained below.) This access must be given within 30 calendar days after receiving the person’s PHI request.
  • The Privacy Rule allows a Covered Entity to charge a reasonable fee for providing a person with a copy of their own PHI upon request. The requestor may also agree to get a summary of their own PHI rather than an actual copy.

Help with HIPAA Compliance

Our goal at Colington is to help keep your organization in full compliance with the law. We will help you make sure that those who are tasked with maintaining and sharing health care records understand all of the requirements associated with patient rights.

In the next part of this series, we will cover more of these rights. We want your organization or medical practice to stay up to date on the latest federal rules so that you can retain your excellent reputation and your outstanding bottom line – without incurring unnecessary fines.

If you would like to know more about HIPAA compliance, or if you have any questions about how you can stay in line with the rules and avoid penalties, contact us today. We would be pleased to discuss it with you and perhaps also address it in this series.

Call us toll-free at (800) 733-6379 to partner with our team in maintaining full HIPAA compliance. We look forward to hearing from you.