HHS Clarifies Patients’ Right To Health Data

Written by: Patrick Powell, Esq.

Under HIPAA, patients have the right to access and obtain a copy of their health information from physicians, hospitals, and insurers.  However, recent reports have concluded individuals often face barriers to accessing their information, even from entities required under HIPAA to provide the data.

Understanding HIPAA’s requirements regarding patients’ access to medical data is critical for physicians, hospitals, and insurers.  Failure to comply with HIPAA can subject medical providers to substantial penalties and harm good will with patients.

On Thursday, January 7, 2016, HHS released guidelines on patients’ access to their health data.  According to AHA News, the guidelines aim to help patients exercise their right under HIPAA to access their health information.  Specifically, the guidelines are reported to clarify, among other things: (1) the types of information covered by HIPAA’s access rule; (2) the exceptions to the access rule; and (3) how HIPAA’s access rule intersects with patient access requirements under the meaningful use program.

Providers who demonstrate meaningful use of certified electronic health records can qualify for Medicaid and Medicare incentive payments.  According to the guidelines, HIPAA grants patients access to information about themselves to help make decisions about their health care.  This information includes: (1) insurance information; (2) lab results; and (3) medical records.

Meanwhile, information excluded from HIPAA’s access right provision includes that which is not used to make decisions about patients, such as patient safety activity reports or quality assessment or improvement records.  The guidelines note that other excluded information includes psychotherapy notes taken and maintained separately by a mental health care provider and information compiled for civil, criminal or administrative actions or proceedings.  Furthermore, the guidelines note that entities have 30 days to respond to access requests.  However, meaningful use requirements can help fulfill patients’ requests in a shorter time period that HIPAA.

These guidelines provide direction in understanding, complying, and implementing policies to satisfy HIPAA’s requirements for patient access to medical records.

The release of these guidelines present a timely opportunity for physicians, hospitals, and insurers to review and adjust their standard operating procedures.  Contact me at ppowell@hallboothsmith.com or 912-554-0093 if you need help complying with HIPAA’s requirements regarding patient access to medical data.