The Department of Health and Human Services [HHS] has issued new guidance about a patient’s right to access the information. The guidance is very robust detailing many specifics about a patient’s right to access information.
In this post we will discuss what information patients have a right to access. The HIPAA rules says that patients have a right to access protected health information [PHI] in the Designated Record Set.
Before defining the whole term, let’s look at the word ‘Record.’ Record is any single item, or collection or grouping of information [information in general not just protected health information- PHI] that is maintained, collected, used, or disseminated by or for a covered entity.
Take the #HIPAA Pop Quiz! Go to http://wp.me/p4bsis-1mG or click here.
Records include information that is:
- From other providers, insurance companies, employers, relatives, and just about anyone;
- Shared with other providers, insurance companies, employers, relatives and just about anyone;
- Made by you and intended to be seen and used by only you or your office such as notes, memos, etc.
Designated Record Set:
Now that we identified records, we need to distill down what records are part of the Designated Record Set. The guidance says Designated Record Set includes:
- Medical records and billing records about individuals maintained by or for a covered health care provider;
- Enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or
- Other records that are used, in whole or in part, by or for the covered entity to make decisions about individuals. This last category includes records that are used to make decisions about any individuals, whether or not the records have been used to make a decision about the particular individual requesting access.
Not all, but information that falls into the definition of the Records, is part of the Designated Record Set. This guidance gives an exemplary, but not exhaustive list:
- medical records;
- billing and payment records;
- insurance information;
- clinical laboratory test results;
- medical images, such as X-rays; wellness and disease management program files; and
- clinical case notes
Should Parents and Spouses have a right to know if you get medical treatment? Read about the California law. Click here or go to: http://wp.me/p4bsis-1dR
There are some exceptions. Patients do not have a right to access, get a copy or see:
- peer review files
- practitioner or provider performance evaluations,
- health plan’s quality control records used to improve customer service or formulary development records
- Psychotherapy notes, which are the personal notes of a mental health care provider documenting or analyzing the contents of a counseling session, that are maintained separate from the rest of the patient’s medical record. See 45 CFR 164.524(a)(1)(i) and 164.501.
- Information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding.
Check back on blog for dos and don’ts of patient access to records!
Free HIPAA Quick Reference when you order Patient Privacy Forms!