New HHS Guidelines Illuminate Patients’ Right to Health Data | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

New HHS Guidelines Illuminate Patients’ Right to Health Data

January 8, 2016
by Rajiv Leventhal
| Reprints

Although Health Insurance Portability and Accountability Act (HIPAA) laws have always provided individuals with the right to access their health data, consumers haven’t gotten much guidance from the feds on how to exercise that right—until now.

On Jan. 7, the Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) released guidelines to help ensure that individuals understand and can exercise their right to access their health information. In a blog post, Jocelyn Samuels, director, OCR, wrote, “Unfortunately, based on recent studies and our own enforcement experience, far too often individuals face obstacles to accessing their health information, even from entities required to comply with the HIPAA Privacy Rule.  This must change.”

Specifically, OCR released a fact sheet and the first in a series of topical Frequently Asked Questions (FAQs) to further clarify individuals’ core right under HIPAA to access and obtain a copy of their health information.  This set of FAQs addresses the scope of information covered by HIPAA’s access right, the very limited exceptions to this right, the form and format in which information is provided to individuals, the requirement to provide access to individuals in a timely manner, and the intersection of HIPAA’s right of access with the requirements for patient access under the HITECH Act’s Electronic Health Record (EHR) Incentive Program, the agency said.

Samuels’ blog post continues, “We will continue to develop additional guidance and other tools as necessary to ensure that individuals understand and can exercise their right to access their health information.  In addition, the Office for Civil Rights will work with the White House Social and Behavioral Sciences Team and the Department of Health and Human Services Office of the National Coordinator for Health Information Technology (ONC) to produce consumer-friendly resources, including sample communications tools to encourage patients to access their digital health information.”

The guidance was received with praise from many in the industry, including from Jodi Daniel, partner in the Washington, D.C.-based Crowell & Moring’s healthcare group, and former director of the Office of Policy in ONC. In a statement, Daniel said, “The government has heard for years that the reason patients don’t ask for access to their records is because there are unfair costs and other barriers to getting the information and obtaining it in the form and format that would be most useful. In this guidance, OCR is clearly trying to clarify misperceptions and direct covered entities to make information more easily available for patient access.”

Daniel continued, “The OCR guidance does a good job of clarifying misperceptions of patients’ right to access their health information in order to make the information more easily available. However, in the world of electronic information, the right of access itself does not go far enough to ensure that health information can be readily available to patients where and when they need it and in a form that is useful. In light of this guidance, covered entities and business associates should consider their practices for providing patient access to their data to ensure they are complying with the HIPAA privacy rule.”

Get the latest information on Meaningful Use and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Former Health IT Head in San Diego County Charged with Defrauding Provider out of $800K

The ex-health IT director at North County Health Services, a San Diego County-based healthcare service provider, has been charged with spearheading fraudulent operations that cost the organization $800,000.

Allscripts Touts 1 Billion API Shares in 2017

Officials from Chicago-based health IT vendor Allscripts have attested that the company has reached a new milestone— one billion application programming interface (API) data exchange transactions in 2017.

Dignity Health, CHI Merging to Form New Catholic Health System

Catholic Health Initiatives (CHI), based in Englewood, Colorado, and San Francisco-based Dignity Health officially announced they are merging and have signed a definitive agreement to combine ministries and create a new, nonprofit Catholic health system.

HHS Announces Winning Solutions in Opioid Code-a-Thon

The U.S. Department of Health and Human Services (HHS) hosted this week a first-of-its-kind two-day Code-a-Thon to use data and technology to develop new solutions to address the opioid epidemic.

In GAO Report, More Concern over VA VistA Modernization Project

A recent Government Accountability Office (GAO) report is calling into question the more than $1 billion that has been spent to modernize the Department of Veterans Affairs' (VA) health IT system.

Lawmakers Introduce Legislation Aimed at Improving Medicare ACO Program

U.S. Representatives Peter Welch (D-VT) and Rep. Diane Black (R-TN) have introduced H.R. 4580, the ACO Improvement Act of 2017 that makes changes to the Medicare accountable care organization (ACO) program.