Key Facts About HIPAA Compliance – What You Need to Know – Part 3

Key Facts About HIPAA Compliance – What You Need to Know – Part 3

by Alex Hirsch (SU)

Individuals’ Rights Under HIPAA to Access Their Health Information

With more emphasis by the Office for Civil Rights (OCR) on specific requirements for an individual’s right to access their personal health information (PHI), the Key Facts series continues to provide you more information on this topic.

Remember, patients’ rights to access their health information must be a priority along with appropriate, required, timely follow-up.

What Is a Designated Record Set?

Every person has the right to access his or her own PHI in a “designated record set.” This refers to a collection of records that are maintained by or for a covered entity, encompassing the:

  • Medical and billing documentation about a person as maintained by or for a covered health care provider;
  • Enrollment, payment, claims, and case management information as maintained by or for a health plan; or
  • Other documentation that is used, whether fully or partially, by or for the covered entity in order to make decisions about people. This includes records regarding the person who is requesting the access.

The documentation, or “record,” refers to any item, collection, or group of information that includes a person’s PHI. It is maintained, collected, used, or disseminated by or for a covered entity.

Persons have the right to access a wide range of health information about themselves. This information may be maintained by or for covered entities, which include:

  • Medical records
  • Billing and payment records
  • Insurance information
  • Medical laboratory test results
  • Medical images, such as X-rays
  • Wellness and disease management program files
  • Medical case notes
  • Information that may be used to make decisions about people

However, when responding to a request for a person’s health information, a covered entity is not required to assemble new information that does not already exist in the designated record set.

Help with HIPAA Compliance

Our goal at Colington is to help keep your organization one step ahead. We can help you make sure that those tasked as the custodians of records understand all the requirements associated with patient rights. In our next part, we will explain more of these rights to you.

Have a question about HIPAA compliance? Let us know and we would be pleased to discuss it with you and perhaps also address it in this series. Feel free to call us at (800) 733-6379 if you have any questions about keeping your own medical practice in line with all of the latest laws and regulations.