Printer Friendly, PDF & Email

Patient access and the path to compliance

Rita Bowen ( is VP of Privacy, Compliance, and HIM Policy, MRO, Norristown, PA.

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule generally requires HIPAA covered entities—health plans and most healthcare providers—to provide individuals, upon request, with access to protected health information (PHI) about them in one or more “designated record sets” maintained by or for the covered entity.[1] This includes the right to inspect and/or obtain a copy and the right to direct the covered entity to transmit a copy to a designated person or entity of the individual’s choice. This right applies as long as the covered entity, or its business associate, maintains the information, regardless of the date the information was created, and whether the information is maintained in paper or electronic systems on-site, remotely, or is archived.

Providing patients access to their PHI is a top priority. Patients need secure, timely access to their medical information to make informed decisions and manage their own care. The ever-increasing enforcement actions by the Office for Civil Rights (OCR) at the U.S. Department of Health & Human Services are intended to empower patients and hold healthcare providers accountable for failure to meet HIPAA requirements. This article provides valuable insights and guidance to help organizations prepare for full compliance.

This document is only available to members. Please log in or become a member.

Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field