- Omnibus HIPAA: BAs, breaches will get worse before better
- OCR seeks HIPAA audit feedback
- ISU to pay HHS $400K for violating HIPAA
- Former UConn employee breached health records
- OCR's message in HIPAA settlement: Encrypt your data
- OCR looking for 'high level of sensitivity' in data breaches
- OCR's Rodriguez says patients' interests define HIPAA enforcement priorities
- OCR sees more fines to drive privacy, security
- Event Log Management & Compliance Best Practices: For Government & Healthcare Industry Sectors
- Palomar Health Choses EXTENSION's Alert Management Software Solution
- The State of EHR Adoption: On The Road to Improving Patient Safety
- Proactive Security and Privacy Monitoring for Modern Healthcare Networks
- Beyond the EHR: Seamlessly Connecting Nurses and Physicians Using an EHR-Extender (EHR-e)
WASHINGTON – The administration’s top enforcer of health information privacy and security has issued an official reminder that patients have a legal right to access their medical records, and they should use it.
Patients can also print the single-page memo to take with them when they visit their provider to support their request.
Leon Rodriguez, director of the Office of Civil Rights, released the right to access memorandum to educate consumers on their legal right to obtain a copy of their health information. OCR enforces the Health Insurance Portability and Accountability Act (HIPAA) and oversees health information privacy in the Health and Human Services Department.
It is important that consumers understand this right because it will enable them to engage more fully in their health care, he said. While HIPAA has always permitted this right to access, many consumers face barriers in getting their health information.
“We’re hearing more and more about widespread issues, patients being denied or obstructed in their access to their records. So we thought it was important to arm patients with something very easy to bring to their providers to say, in fact, the law requires you to give me my records, but for certain exceptions,” he said June 7 in comments to Government Health IT at a HIPAA conference sponsored by OCR and the National Institute of Standards and Technology (NIST).
Some providers are afraid to give patients their health information, and some think that HIPAA requires them to make it hard for patients to get their own records, Rodriguez said. Many patients are unaware that they can access their records.
Besides data breach and HIPAA compliance investigations, OCR can help consumers in more immediate situations, such as when it is difficult for patients to obtain their records during a hospital stay.
“We can help people in the moment," he explained. "If there is a misunderstanding on the part of their provider, through our regional offices we can communicate with providers to make sure that they understand."
HIPAA is about privacy and security, but it’s also about access and patient autonomy over their health records. It’s important to understand these requirements in a broader context. “HIPAA is a valve not a blockage, and it needs to be understood that way,” Rodriguez said.
OCR published the right to access memo in conjunction with the June 4 White House Patient Access to Health Data Summit , which explored best practices to advance consumer access to their information. The OCR memo enumerates resources and tips to support patient access.
OCR also recently posted to YouTube a video about a patient’s right of access to their health information and the ability of caregivers assisting a patient in their care to do so as well.