The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides important rights for patients that many people are unaware of. An individual’s right to access his or her personal health information (PHI) is a key component of the Privacy Rule. It is very specific regarding access, denial of access, and documentation. If you have ever asked a provider for a copy of your records and were told no, you were denied your rights. All providers must give you a copy, electronically or paper form, upon request within 30 days. Healthcare providers have the additional responsibility of alerting patients to their own rights under this law. This includes doctors, nurses, hospitals, pharmacies, skilled nursing facilities, insurance companies and more.
What are patients’ rights under the privacy standards?
- A copy of the privacy notice
- Access to their medical records, request changes and learn how their records were accessed
- Ask the provider to limit access
- Ask to whom information was given, an “accounting of disclosures”
- Ask to be contacted in a specific way (cell phone, mail, etc.)
- Ask to be contacted in a place other than home or work
- Examine and copy the health information the provider has recorded
- Complain to the Department of Health and Human Services if the patient believes there is a violation
These rights include your billing records. If you have ever received a “balance due” bill from a provider you have the right to receive a full account of your services billed.
Who may exercise the right of access?
- Personal representatives (powers of attorney, parents, designated persons)
Need to file a complaint?
Visit https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf. This website is the U.S. Department of Health and Human Services Office for Civil Rights Complaint Portal. If you have any questions you can call 1-800-368-1019.