Patient Requests for Protected Health Information (PHI) HIPAA/HITECH AMENDMENTS effective March 26, 2013 – ARE YOU PREPARED?

On January 17, 2013 the US Department of Health & Human Services (HHS) issued the long-anticipated final rule describing the privacy and security requirements for covered entities under the Health Insurance Portability and Accountability Act (HIPAA), as required by the Health Information Technology for Economic and Clinic Health (HITECH) Act. The new final HIPAA Privacy and Security Rule has been described as containing the most sweeping changes to HIPAA since the law was implemented. The Amendments became effective on March 26, 2013 and compliance is generally required by September 23, 2013.

The rule strengthens a patient’s right to request electronic copies of their Protected Health Information (PHI). Covered entities with electronic records must provide the Protected Health Information (PHI) to the patient in the format of the patients’ preference/request. If a patient requests an electronic copy of the record, the practice must be able to provide it. Patients still receive the first copy free of charge, in addition, when charging for records is appropriate, charges may not exceed the cost of labor and materials.

The rule requires the covered entity to restrict the disclosure of Protected Health Information (PHI) about the patient to a health plan, upon patient request, as long as the disclosure is for the purpose of carrying out payment or healthcare operations and is not otherwise required by law. The Protected Health Information (PHI) must pertain exclusively to a healthcare item or service that the individual has paid for out of pocket.-Lisa Coleman

Comments Off