Security News > 2020 > January > Court Invalidates Certain Patient Info Access Requirements

A federal court has invalidated certain HITECH Act provisions and Department of Health and Human Services guidance related to patient requests for copies of their health records, creating new requirements for compliance officers and others to follow.

"We already are having a substantial debate about the overall and potential inconsistencies between the HIPAA right to access and interoperability/information blocking rules - and a potential tension between the patient access right and appropriate protections of the data," he notes.

Ciox Health, in a statement provided to Information Security Media Group, says the court "Disallowed the patient rate for non-patients like insurance companies and lawyers. There has been no change to the patient rate. Ciox always has and continues to strongly support patients' secure and unrestricted access to their medical records, including making the process easier. This ruling enables Ciox to continue helping providers achieve these objectives."

"For years, the medical records industry understood that the limitations imposed by the patient rate applied only to requests for PHI made by the patient for use by the patient. For other types of requests, such as those made by commercial entities, like insurance companies and law firms, the records industry understood that the allowable fee was not restricted by the patient rate," the court noted.

Commenting on the "Noteworthy" case, independent HIPAA attorney Paul Hales says: "The good news from Ciox v. Azar is that fees for a patient's right of access are undisturbed. However, the court put some limits on patient access to records in electronic form."

News URL

https://www.inforisktoday.com/court-invalidates-certain-patient-info-access-requirements-a-13663