<img height="1" width="1" src="https://www.facebook.com/tr?id=156746741685952&amp;ev=PageView &amp;noscript=1">
Show all

Patients' Right of Access - Get it, Check it, Use it

Patients' right of access to their health information was emphasized by multiple speakers at the annual NIST/ OCR HIPAA Security Conference in Washington D.C. in September 2017.     Just like we at 24By7Security say about Cybersecurity, “Don’t Risk it, Secure it”, OCR (Office of Civil Rights) says of patients’ health information, “Get it, Check it, Use it”.

OCR Director Roger Severino highlighted the need for patients to be empowered to take control of their own health information.   Patients have a right to access their own health information, and this is an important part of the information equation for HIPAA compliance.   Security is just one part, patients’ right of access is another.

The HIPAA Privacy Rule gives patients the right to inspect, review and receive a copy of their medical records and billing records held by health plans and providers.   Patients have a right to access both paper and electronic medical records.     They may need to pay a fee to access this information, but they have a right to receive the information in a readable format, to request corrections in their information and to have the information provided to someone else they may designate. Patients also have a right to be notified as to how their health information is being used and shared.   According to HIPAA, providers have 30 days to provide patients with the requested information.   There have been cases when patients have filed complaints with HHS when a provider has denied them access to their medical records.   According to Iliana Peters of OCR, this is the third most frequently seen complaint received by OCR.

Read about OCR desk audits

Regulators have emphasized that individuals should be empowered to take control over their health decisions in a patient-centric health system.   Providing patients with access to their health information enables patients to effectively review their records, monitor their health conditions on an ongoing basis and track their progress.

Rema Deo
Rema Deo

Rema Deo is the CEO and Managing Director at 24by7Security Inc. Rema is certified as a Health Care Information Security & Privacy Practitioner (HCISPP) from (ISC)2. She holds a certificate in Cybersecurity: Technology, Application and Policy from the Massachusetts Institute of Technology. She also has a Master of Business Administration Degree from Symbiosis Institute of Business Management in Pune, India and a Bachelor of Commerce degree from the University of Bombay. Follow along the 24by7Security blog to learn valuable insights from Rema.

Related posts

July 14, 2020
July 7, 2020
June 24, 2020

Comments are closed.

HHS provides humane relief from HIPAA sanctions and penalties after a disaster
Cybersecurity issues can impact patient care
Subscribe to our Blog!