New HHS Guidelines Illuminate Patients’ Right to Health Data | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

New HHS Guidelines Illuminate Patients’ Right to Health Data

January 8, 2016
by Rajiv Leventhal
| Reprints

Although Health Insurance Portability and Accountability Act (HIPAA) laws have always provided individuals with the right to access their health data, consumers haven’t gotten much guidance from the feds on how to exercise that right—until now.

On Jan. 7, the Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) released guidelines to help ensure that individuals understand and can exercise their right to access their health information. In a blog post, Jocelyn Samuels, director, OCR, wrote, “Unfortunately, based on recent studies and our own enforcement experience, far too often individuals face obstacles to accessing their health information, even from entities required to comply with the HIPAA Privacy Rule.  This must change.”

Specifically, OCR released a fact sheet and the first in a series of topical Frequently Asked Questions (FAQs) to further clarify individuals’ core right under HIPAA to access and obtain a copy of their health information.  This set of FAQs addresses the scope of information covered by HIPAA’s access right, the very limited exceptions to this right, the form and format in which information is provided to individuals, the requirement to provide access to individuals in a timely manner, and the intersection of HIPAA’s right of access with the requirements for patient access under the HITECH Act’s Electronic Health Record (EHR) Incentive Program, the agency said.

Samuels’ blog post continues, “We will continue to develop additional guidance and other tools as necessary to ensure that individuals understand and can exercise their right to access their health information.  In addition, the Office for Civil Rights will work with the White House Social and Behavioral Sciences Team and the Department of Health and Human Services Office of the National Coordinator for Health Information Technology (ONC) to produce consumer-friendly resources, including sample communications tools to encourage patients to access their digital health information.”

The guidance was received with praise from many in the industry, including from Jodi Daniel, partner in the Washington, D.C.-based Crowell & Moring’s healthcare group, and former director of the Office of Policy in ONC. In a statement, Daniel said, “The government has heard for years that the reason patients don’t ask for access to their records is because there are unfair costs and other barriers to getting the information and obtaining it in the form and format that would be most useful. In this guidance, OCR is clearly trying to clarify misperceptions and direct covered entities to make information more easily available for patient access.”

Daniel continued, “The OCR guidance does a good job of clarifying misperceptions of patients’ right to access their health information in order to make the information more easily available. However, in the world of electronic information, the right of access itself does not go far enough to ensure that health information can be readily available to patients where and when they need it and in a form that is useful. In light of this guidance, covered entities and business associates should consider their practices for providing patient access to their data to ensure they are complying with the HIPAA privacy rule.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Study: EHRs Tied with Lower Hospital Mortality, But Only After Systems Have Matured

Over the past decade, there has been significant national investment in electronic health record (EHR) systems at U.S. hospitals, which was expected to result in improved quality and efficiency of care. However, evidence linking EHR adoption to better care is mixed, according to medical researchers.

Nursing Notes Can Help Predict ICU Survival, Study Finds

Researchers at the University of Waterloo in Ontario have found that sentiments in healthcare providers’ nursing notes can be good indicators of whether intensive care unit (ICU) patients will survive.

Health Catalyst Completes Acquisition of HIE Technology Company Medicity

Salt Lake City-based Health Catalyst, a data analytics company, has completed its acquisition of Medicity, a developer of health information exchange (HIE) technology, and the deal adds data exchange capabilities to Health Catalyst’s data, analytics and decision support solutions.

Advocate Aurora Health, Foxconn Plan Employee Wellness, “Smart City,” and Precision Medicine Collaboration

Wisconsin-based Advocate Aurora Health is partnering with Foxconn Health Technology Business Group, a Taiwanese company, to develop new technology-driven healthcare services and tools.

Healthcare Data Breach Costs Remain Highest at $408 Per Record

The cost of a data breach for healthcare organizations continues to rise, from $380 per record last year to $408 per record this year, as the healthcare industry also continues to incur the highest cost for data breaches compared to any other industry, according to a new study from IBM Security and the Ponemon Institute.

Morris Leaves ONC to Lead VA Office of Electronic Health Record Modernization

Genevieve Morris, who has been detailed to the U.S. Department of Veterans Affairs (VA) from her position as the principal deputy national coordinator for the Department of Health and Human Services, will move over full time to lead the newly establishment VA Office of Electronic Health Record Modernization.