About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

1 1 (August 31, 2016)

handle is hein.crs/govceuy0001 and id is 1 raw text is: FF.ri E~$~ & August 31, 2016 Patient Access to Health Information in the Digital Age In 2000, the Health Information Portability and Accountability Act (HIPAA) Privacy Rule established a set of federal standards for the use and disclosure of personal health information. The Privacy Rule also gave individuals the right of access to their health information. In the years since the Privacy Rule took effect, individuals have often complained that health care providers place undue restrictions on that access, in violation of HIPAA. At the time the Privacy Rule was issued, most health information was recorded and stored on paper. Today, the widespread adoption of electronic health record (EHR) systems makes it easier for individuals to access their medical data. Under the Medicare and Medicaid EHR incentive program, which has paid $35 billion to hospitals and physicians that demonstrate meaningful use of EHR technology, patients must be given timely online access to information maintained in an EHR. New requirements for the EHR incentive program will enable individuals to access their health information in real time using software applications (apps) on their smart phones and other mobile devices. Many health policy analysts see this as a potential game changer. Instead of hospitals and physicians controlling their health data, patients will be able to take charge and more easily use and share the data to make informed choices about their health. However, analysts caution that expanding electronic access to health information faces a number of obstacles-cultural, economic, legal, and technical-that must be addressed. ,HPA- iht of Ac~ The Privacy Rule gives individuals the right of access to inspect and obtain a copy of their protected health information (PHI). This is a legally enforceable right, not a privilege. Covered entities may deny access only in a very few circumstances. The Health Information Technology for Economic and Clinical Health (HITECH) Act expanded the HIPAA right of access for electronic PHI (ePHI) maintained in an EHR. The act gave individuals the right to direct health care providers, health plans, and others subject to HIPAA collectively known as covered entities to transmit a copy of their ePHI to a third party of their choosing, such as a caregiver or another provider (see Figure 1). If an individual requests an electronic copy of information contained in his or her EHR, the covered entity generally must provide it in the format requested if it has the capability to produce the information in that format. The right of access covers clinical information, insurance information, billing and payment records, wellness and disease management program records, and other information used by covered entities to make health care decisions about individuals. Individuals seeking access to their health information sometimes find that providers are reluctant or slow to release it. Patient data is a valuable economic asset, and physicians and hospitals likely do not want their competitors gaining access to it. People stay with their doctors in part because their information resides with them, and obtaining and sharing health records with other doctors has traditionally been a challenge. The easier information moves, the easier it may be for patients to switch providers. In light of these factors, some health providers may worry that releasing patients' health information will cause them to lose patients. Moreover, some health care providers mistakenly believe that they own the information and are under no obligation to share it. Figure 1. Patient ..........~~~ii:::::::iii~~~~iiii~~~~iii . . . . . . . . . ..:: :: : : :: : :: : :: : : :: : :: : : :: : :: : : . . . . . . . . . . . ..ii ii i ii i ii i ii i ii i ii i ii i ii i ii i . . . . . . . . . . . . . ..iii ii i ii i ii ii i~ i i ii ii i ii i ii i . . . . . . . . . . . . . . . .ii ii ii ii ii ii ii ii Access to Health Information HIPAA:Rgk o ~est inspec t PH, rLtami a~o to a .sga~d3d pi1 EHR Meaningful Use/MIP Tmeyacs tovwunre dol oa, n t~rnsmit tnsl , ,,............ : R:: : : : :: : : :: : : : : : : : : : ... . . \: : : :: : :. . ...., Hospital K: Physici4 offkQ. Phy . . . . . .. . .. . . . . . . . S: swcian fic.e Source: Prepared by CRS Physicians and hospitals must meet a series of meaningful use criteria under the EHR incentive program to receive a Medicare and/or Medicaid incentive payment and avoid Medicare payment adjustments (i.e., penalties). One of the requirements for successfully demonstrating meaningful use supports the HIPAA right of access. Providers must give patients timely online access to view, download, and transmit (VDT) to a designated third party certain core data maintained in an EHR (see Figure 1). '.0 K~:> gognpo goo , q 'S a X 11L1\L\N,\1kJ\W,

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Already a HeinOnline Subscriber?

Log In

profiles profiles most