Key Facts About HIPAA Compliance – What You Need to Know – Part 2

Key Facts About HIPAA Compliance – What You Need to Know – Part 2

by Alex Hirsch (SU)

Individuals’ Rights to Access Health Information Under HIPAA

With more emphasis by the Office for Civil Rights (OCR) on specific requirements for an individual’s right to access their own health information, our Key Facts series continues to provide you more information on this topic.

Remember, patients’ rights to access their health information must be a priority along with appropriate and timely follow-up as required.

Make sure your workforce understands these requirements.

What Are Some of Those Rights?                                                                                                                                                      

If you are a Covered Entity, you must know and understand these patient rights:

The HIPAA Privacy Rule enables covered entities to require patients to put their health-information request in writing. It also requires that the person’s identity be verified.

However, a covered entity cannot impose unreasonable requirements to a person requesting access to their health information, and this entity also cannot create an unreasonable delay to this access.

For example, a physician cannot require a health-information requestor to:

  • Physically come to the physician’s office to request access and provide identification if the patient simply wants the medical records sent to their home address on file.
  • Request access via a web portal. Not everyone has access to the internet.
  • Send the request via mail. This can cause unreasonable delays in obtaining access.

Therefore, a covered entity cannot require any of the above of individuals, but the entity may allow individuals to request their own health information in any of those three ways (in person, portal, or mail-in request). Covered entities are encouraged to offer patients several ways in which they can request access of their health information.

Help with HIPAA Compliance

Our goal at Colington is to help keep your organization one step ahead in making sure those tasked as the custodians of medical records understand all of the requirements associated with patient rights. In our next article, we will explain more of these rights.

Have a question about HIPAA compliance? Let us know and we would be pleased to discuss it with you and perhaps also address it in this series. You can also reach us at (800) 733-6379 today.