New Guidance on an Individual’s Right to Access Their Personal Health Information

February 27, 2016

The Department of Health and Human Services recently released new guidance regarding an individual’s right to access his Personal Health Information (PHI). The HIPAA Privacy Rule generally requires that HIPAA covered entities provide individuals, upon request, with access to their PHI. Covered entities may require that the individual request access in writing and may offer electronic methods for submitting these requests for access.  When granting access, the Privacy Rule requires that covered entities take reasonable steps to verify the identity of the individual making a request but does not mandate a particular form of verification. A covered entity may not, however, impose unreasonable measures on an individual requesting access to his PHI. Some examples of unreasonable measures according to the new guidance include requiring an individual to: come to a physical office, use a web portal or mail a request. These individual access rights extend to PHI maintained by the covered entity’s business associates, so covered entities are required to produce PHI maintained or held by business associates.

Please reload

Featured Posts

HIPAA Fines--Not Going Away!

January 15, 2016

The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services recently announced a resolution agreement with Triple-S Managemen...

Please reload

Recent Posts
Please reload

Please reload

© 2019 by Ledbetter Parisi LLC.