New HHS Guidelines Illuminate Patients’ Right to Health Data | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

New HHS Guidelines Illuminate Patients’ Right to Health Data

January 8, 2016
by Rajiv Leventhal
| Reprints

Although Health Insurance Portability and Accountability Act (HIPAA) laws have always provided individuals with the right to access their health data, consumers haven’t gotten much guidance from the feds on how to exercise that right—until now.

On Jan. 7, the Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) released guidelines to help ensure that individuals understand and can exercise their right to access their health information. In a blog post, Jocelyn Samuels, director, OCR, wrote, “Unfortunately, based on recent studies and our own enforcement experience, far too often individuals face obstacles to accessing their health information, even from entities required to comply with the HIPAA Privacy Rule.  This must change.”

Specifically, OCR released a fact sheet and the first in a series of topical Frequently Asked Questions (FAQs) to further clarify individuals’ core right under HIPAA to access and obtain a copy of their health information.  This set of FAQs addresses the scope of information covered by HIPAA’s access right, the very limited exceptions to this right, the form and format in which information is provided to individuals, the requirement to provide access to individuals in a timely manner, and the intersection of HIPAA’s right of access with the requirements for patient access under the HITECH Act’s Electronic Health Record (EHR) Incentive Program, the agency said.

Samuels’ blog post continues, “We will continue to develop additional guidance and other tools as necessary to ensure that individuals understand and can exercise their right to access their health information.  In addition, the Office for Civil Rights will work with the White House Social and Behavioral Sciences Team and the Department of Health and Human Services Office of the National Coordinator for Health Information Technology (ONC) to produce consumer-friendly resources, including sample communications tools to encourage patients to access their digital health information.”

The guidance was received with praise from many in the industry, including from Jodi Daniel, partner in the Washington, D.C.-based Crowell & Moring’s healthcare group, and former director of the Office of Policy in ONC. In a statement, Daniel said, “The government has heard for years that the reason patients don’t ask for access to their records is because there are unfair costs and other barriers to getting the information and obtaining it in the form and format that would be most useful. In this guidance, OCR is clearly trying to clarify misperceptions and direct covered entities to make information more easily available for patient access.”

Daniel continued, “The OCR guidance does a good job of clarifying misperceptions of patients’ right to access their health information in order to make the information more easily available. However, in the world of electronic information, the right of access itself does not go far enough to ensure that health information can be readily available to patients where and when they need it and in a form that is useful. In light of this guidance, covered entities and business associates should consider their practices for providing patient access to their data to ensure they are complying with the HIPAA privacy rule.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Study will Leverage Connecticut HIE to Help Prevent Suicides

A new study will aim to leverage CTHealthLink, a physician-led health information exchange (HIE) in Connecticut, to help identify the factors leading to suicide and to ultimately help prevent those deaths.

Duke Health First to Achieve HIMSS Stage 7 Rating in Analytics

North Carolina-based Duke Health has become the first U.S. healthcare institution to be awarded the highest honor for analytic capabilities by HIMSS Analytics.

NIH Releases First Dataset from Adolescent Brain Development Study

The National Institutes of Health (NIH) announced the release of the first dataset from the Adolescent Brain Cognitive Development (ABCD) study, which will enable scientists to conduct research on the many factors that influence brain, cognitive, social, and emotional development.

Boston Children's Accelerates Data-Driven Approach to Clinical Research

In an effort to bring a more data-driven approach to clinical research, Boston Children’s Hospital has joined the TriNetX global health research network.

Paper Records, Films Most Common Type of Healthcare Data Breach, Study Finds

Despite the high level of hospital adoption of electronic health records and federal incentives to do so, paper and films were the most frequent location of breached data in hospitals, according to a recent study.

AHA Appoints Senior Advisor for Cybersecurity and Risk

The American Hospital Association (AHA) has announced that John Riggi has joined the association as senior advisor for cybersecurity and risk.