Patients' Right of Access - Get it, Check it, Use it

Patients' right of access to their health information was emphasized by multiple speakers at the annual NIST/OCR HIPAA Security Conference in Washington, D.C., in September 2017. Just as we at 24By7Security say about cybersecurity, “Don’t Risk it, Secure it”, OCR (Office for Civil Rights) says of patients’ health information, “Get it, Check it, Use it”.

OCR Director Roger Severino highlighted the need for patients to be empowered to take control of their own health information. Patients have a right to access their own health information, and this is an important part of the information equation for HIPAA compliance. Security is just one part; patients’ right of access is another.

The HIPAA Privacy Rule gives patients the right to inspect, review and receive a copy of their medical records and billing records held by health plans and providers. Patients have a right to access both paper and electronic medical records. They may need to pay a fee to access this information, but they have a right to receive the information in a readable format, to request corrections in their information and to have the information provided to someone else they may designate. Patients also have a right to be notified as to how their health information is being used and shared. According to HIPAA, providers have 30 days to provide patients with the requested information. There have been cases when patients have filed complaints with HHS when a provider has denied them access to their medical records. According to Iliana Peters of OCR, this is the third most frequently seen complaint received by OCR.

Regulators have emphasized that individuals should be empowered to take control over their health decisions in a patient-centric health system. Providing patients with access to their health information enables patients to effectively review their records, monitor their health conditions on an ongoing basis and track their progress.

Rema Deo

As CEO and Managing Director of 24By7Security, Inc., Rema is a highly experienced and credentialed information security professional. Among her certifications are PCI Qualified Security Assessor (QSA) from PCI SSC, Health Care Information Security & Privacy Practitioner (HCISPP) from (ISC)2, Certified Information Security Manager (CISM), and Certified Information Security Auditor (CISA) from ISACA. She also holds a certificate in Cybersecurity: Technology, Application, and Policy from the Massachusetts Institute of Technology, and Certified Data Privacy Practitioner (CDPP) from Network Intelligence. She earned her MBA from Symbiosis Institute of Business Management in Pune, India, and her Bachelor of Commerce degree from the University of Bombay. Be sure to follow the 24By7Security Blog for valuable insights from Rema and her colleagues.
