HIPAA Patient Communication Rules

HIPAA - Access related to Patient Communication - Rules and Guidance

HHS Guidance and Preamble discussions in new rules say unencrypted e-mail between providers and patients is permitted if the patient requests it, per B'164.522 & .524

Who all have the right to Access

Individuals have a right to a broad array of PHI:

Medical records
Billing and payment records
Insurance information
Clinical laboratory test results
Medical images, such as X-rays
Wellness and disease management program files
Clinical case notes
Among other information used to make decisions about individuals

"An individual's personal representative ... also has the right to access PHI about the individual in a designated record set (as well as to direct the covered entity to transmit a copy of the PHI to a designated person or entity of the individual's choice), upon request"

Guidance to ask access

It May require a written request

May offer an electronic method

It Need to verify identity of requestor

Professional Judgment

It does not allow any unreasonable measures

Can't require requests in person only, or Web only, or by mail only

Format

Appropriate template for requesting Access developed by AHIMA which can be customized and used

Guidance how to provide or deny access

Provide in the Form or Format Requested if readily producible (including electronic, e-mail)
Provide it Timely
Fees are Cost-based ONLY

SHOULD be free copies
NO charge to view records
Denial of access limited - Must have process for denials and reviews

Guidance about rights to direct to another person

An individual also has a right to direct the covered entity to transmit the PHI about the individual directly to another person or entity designated by the individual
The individual's request to direct the PHI to another person must be in writing, signed by the individual, and clearly identify the designated person and where to send the PHI.
A covered entity may accept an electronic copy of a signed request (e.g., PDF), as well as an electronically executed request (e.g., via a secure web portal) that includes an electronic signature.
The same requirements for providing the PHI to the individual, such as the fee limitations and requirements for providing the PHI in the form and format and manner requested by the individual, apply when an individual directs that the PHI be sent to another person.

Guidance on Fees for access

Fees should include ONLY labor for copying (NOT reviewing or fetching), supplies, postage
Fees set by actual or average costs for a type of request
Flat fees for electronic copies of records, up to $6.50
It cannot be per-page fees for electronic copies
Can't charge for review or portal access
The less cost between State law or HIPAA to be followed with respect to fees
If provided by Authorization instead of Access, other fees permitted
Currently controversy over charging of excessive fees by records management vendors

Popular Trainings

HIPAA Planning for 2018 - Protecting Patient Information Privacy and Security

Healthcare, Cybersecurity, and HIPAA - New Threats and New Guidance

Patients Suing Under HIPAA

Texting and E-mail with Patients - Meeting Patient Desires Within the HIPAA Rules

Patient Rights, Medical Records and HIPAA - What You Need to Know as a Healthcare Provider

Patient Access of Medical Records under HIPAA - New HHS Guidance, New Focus for HIPAA Audits

HIPAA Texting and Emailing | Myths vs Realities

HIPAA and New Technologies - How To Use Social Media and Texting Without Breaking the Rules

By using this site you agree to our use of cookies. Please refer to our privacy policy for more information. Close

HIPAA Patient Communication Rules

Popular Trainings