HIPAA: When patients request copies of their medical records

From the HIPAA Weekly Advisor (Briefings on HIPAA):

Q: When patients request copies of their medical records, should covered entities release only the records that they generated and withhold information from other sources? If so, which HIPAA regulation addresses this topic?

A: Covered entities may not withhold documents they include as part of a patient's medical record, irrespective of the source.

One misconception about HIPAA is that it allows patient access only to information generated by a covered entity and not to any additional information that outside sources contribute to the medical record. Any policy that prohibits access to medical record information created by a provider or other third party is indefensible and is in violation of the HIPAA privacy rule.

Refer to 45 CFR 164.501 (definition of a designated record set) and 45 CFR 164.524 (individual's right to access his or her designated record set).

Have questions? I’m here to help.

This field is for validation purposes and should be left unchanged.
This field is for validation purposes and should be left unchanged.
Categories
Accounting and Tax Services Litigation Support Managed Care Consulting Managed Care Contract Negotiations Medical Practice and Healthcare Entity Valuation Medical Practice Assessment Medical Practice Brokerage Medical Practice Embezzlement Consulting Medical Practice Management Medical Practice Merger Advice Medical Strategic Planning Newsletter Personal Financial Planning Oversight Physician Compensation Models Physician Compliance Physician Financial Management Services Retirement Uncategorized
About Reed Tinsley, CPA

As a top advisor to physicians, I help increase practice profits by delivering hands-on, expert medical accounting/tax support, practice counsel, and revenue-building strategies. Read More >

Reed Tinsley, CPA