A patient’s right to access their healthcare data so that they can make informed decisions regarding their own health and wellbeing is the component of HIPAA known as the HIPAA Right of Access.
Recently, the American Medical Association (AMA) published a new HIPAA playbook for physicians and their practices to better understand this component. With the HHS Office for Civil Rights (OCR) launching an enforcement initiative in 2019 for this very issue, this playbook’s goal is to give the medical industry a better understanding so that they can avoid the penalties that can be incurred with non-compliance. Already, action has been taken against two healthcare organizations that were the target of a complaint from one individual who was not provided with the requested records. An $85,000 financial penalty was the result.
Why Is It Complicated?
HIPAA already gives patients the right to access their records. The issue comes into play when healthcare providers struggle to comply with the legal requirements of HIPAA. That, paired with the prevalent misunderstandings about the Right of Access, has played a role in preventing patients from getting their records in a timely manner – if at all.
Divided into 4 parts, the 104-page Patient Records Electronic Access Playbook was created to educate medical professionals about the need to provide patient records while remaining in compliance with the legal requirements of HIPAA. Common challenges and best practices are part of the content as well. It outlines the data that can and cannot be shared, how much a provider can charge for this information, the format in which records must be provided, and an overview of sharing the information with third parties.
Commonly used patient portals are a great resource for the medical industry to keep communication open with an individual, but they do not usually allow all medical records to be accessed. The AMA recommends implementing several methods of media access for patients to view and access their records.
The electronic component of healthcare should be addressed from many avenues, ensuring that the provider is aware of its capabilities to share data with not only patients but also third-party providers. And patients should always be encouraged to review their records – mistakes happen!
We encourage everyone to check out the new playbook. HIPAA compliance is an ongoing process and one that we all need to stay up to date on. If you have any questions about your HIPAA status, contact us to review any risks or requests that you may have.
This article was originally published on HIPAA Secure Now! and is republished here with permission.