Thursday, January 28, 2016

HHS clarifies individual rights under HIPAA Privacy Rule

Karen B. DeSalvo, MD, MPH
Last week, the U.S. Department of Health and Human Services Office for Civil Rights, the entity responsible for interpreting and enforcing HIPAA, published an important set of Frequently Asked Questions (FAQs) clarifying how an individual’s right to access their individual health information operates, including key points related to electronic health information sharing. 

The clarifications made by this guidance help ensure that all Americans have access to their health information, in the form
and format requested, when and where they need it most – a fundamental component of a high quality, person-centered health system as reflected in the Office of the National Coordinator for Health IT’s (ONC’s) recently released Connecting Health and Care for the Nation: A Shared Nationwide Interoperability Roadmap version 1.0 (Roadmap).

Specifically the Office for Civil Rights has made clear in the FAQs on HIPAA privacy rights, that:
  • Accessing and obtaining copies of one’s health information for one’s own purposes is a right, not a privilege. A disclosing provider or plan covered under HIPAA can refuse access only in very limited circumstances.
  • This right extends to a broad array of information, including labs, images, prescription history, physician notes, diagnoses, and similar information.
  • The right includes access to an electronic copy of one’s health information contained in an electronic health record (EHR) or otherwise maintained in an electronic format, whenever the provider or its business associate is capable of producing an electronic copy, not just if they are willing to produce such information.
  • Functions specified in ONC’s regulations on Certified EHR Technology empower individuals to take advantage of this HIPAA right because ONC’s rule makes transmission by the consumer a required functionality of certified EHR software.
Source: HealthIT Buzz, blog post by  Karen B. DeSalvo, M.D., M.P.H., M.Sc., and
Lucia Savage, Esq. / Chief Privacy Officer

No comments:

Post a Comment