AHIMA Unveils New Resource Detailing Patients’ PHI Access Rights under HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) allows patients to access a copy of their medical records in electronic or paper form. In 2016, the Department of Health and Human Services released a series of videos and documentation to outline patients’ right to access their health data.

Recently, the American Health Information Management Association (AHIMA) also released guidance – in the form of an online slideshow – further explaining patients’ access rights, what happens when requests are made to healthcare providers, possible fees, and the expected timescale for obtaining copies of PHI.

AHIMA explains that copies will not be provided instantly. As per HIPAA Rules, healthcare providers have up to 30 days to provide access copies of medical records. Many of the bodies will issue designated record sets well within that timeframe. However, in a number of cases, as long as there is a justifiable reason for doing so, a healthcare provider may seek a 30-day extension. In cases like these, it may take up to 60 days for patients to be given copies of their personal health data.

AHIMA has who healthcare providing entities are permitted to disclose this information: Patients or a nominated personal representative of patients – guidance has been issued on who that representative may be.

There are many models that can be used by healthcare providers for charging patients for copies of PHI. While the actual cost for making copies of medical records available may not be provided at the time the request is made, healthcare providers must advise patients of the estimated cost at the time the request is made. AHIMA outlines that if electronic health data is being provided via a patient portal, this will not be chargeable.

As HIPAA serves to protect the privacy of patients, healthcare providers are obliged to verify the identity of the individual making the request or a personal representative if that route is being utilized. A healthcare provider will therefore require official photographic ID to be produced prior to any records being accessed. A waiver will also need to be signed which verifys identity.

AHIMA says that obtaining copies of medical records is important as access to health data improves patient engagement. It also empowers them to make more informed choices about their personal healthcare.

While providers should be able to access their personal health data from other providers, that process is not always simple due to data incompatibility issues. It is therefore important that all patients have complete copies of their personal medical records so they can provide complete sets to new health care providers. Doing so will improves the coordination of care that is available to them.

Patients are reminded that they should also check their health records for any errors and omissions – known allergies for example. If an error or omission is found, a request to change the records should be made to the appropriate healthcare provider.

The AHIMA slideshow can be accessed here.