WHAT IS THE "RIGHT OF ACCESS"?
Under the HIPAA Privacy Rule, covered entities are to provide individuals with access to their protected health information (PHI) upon request. This requested information is typically defined within what is known as a “designated record set” (DRS), which includes information maintained by a covered entity. Unless a very good, limited reason exists for excluding a piece of information, it is most likely considered part of the DRS. At a minimum, it typically includes:
What is excluded from the DRS?
WHAT ARE THE DETAILS SURROUNDING REQUESTS FOR ACCESS?
WHAT ABOUT ACCESS DENIAL?
Specific circumstances allow a covered entity to deny a request for access. These are categorized as either reviewable or unreviewable.Unreviewable grounds for denial:
OTHER REQUST OPTIONS
Individuals may also request PHI through a HIPAA authorization form. This differs from the HIPAA right of access:
HOW HEALTHMARK CAN HELP
There are several nuances within the context of Right of Access. Our goal is to help you understand the most important aspects in an easily digestible format, while we remain focused on combing through the details. Regulatory changes are constant, and we want our clients to be apprised and well-positioned to both succeed and stay compliant.
We are fortunate to have a strong legal team and access to other experts, including the former Acting Deputy Director for HIPAA at the Department of Health and Human Services, Office for Civil Rights. If your team needs clarification on any specifics related to the release of medical records and how it relates to designated records sets and access rights, please contact us at firstname.lastname@example.org or reach out to your Client Success Manager.