HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

American Medical Association Publishes Playbook Dispelling Common HIPAA Right of Access Myths

The American Medical Association (AMA) has published a new HIPAA playbook to help physicians and their practices understand the HIPAA Right of Access and ensure compliance with this important requirement of HIPAA.

Misunderstandings about the HIPAA Right of Access can result in financial penalties for noncompliance. The HHS’ Office for Civil Rights launched a new HIPAA Right of Access enforcement initiative in 2019 and has already taken action against two healthcare organizations that were not providing patients with copies of their medical records in a timely manner. Both cases started with a single complaint from a patient who was not provided with a copy of the requested records and ended with a $85,000 financial penalty.

Patients need to be able to access their healthcare data to be able to make informed decisions about their own health. HIPAA gives patients the right to obtain a copy of their health records, but healthcare providers can face challenges complying with all of the legal requirements of HIPAA. These challenges, together with misunderstandings about the HIPAA Right of Access, have prevented some providers from complying with patient requests for copies of their health information.

The Patient Records Electronic Access Playbook was released to educate physicians and their practices about the need to provide patients with access to their medical records and the legal requirements related to medical record access and the sharing of records with patients.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The 104-page document is divided into four parts and covers the legal requirements of HIPAA and patient access laws and the challenges physician practices face complying with the HIPAA Right of Access. The playbook includes guidance to help physicians overcome challenges and best practices for operationalizing records access fulfillment.

The document also dispels some of the common myths about providing patients and third parties with health records, the health information that can and cannot be shared, the amount that healthcare providers can charge for providing copies of medical records, and how medical records must be provided.

The playbook explains that even when patient portals are in use compliance with the HIPAA Right of Access is far from guaranteed. Patient portals do not typically allow patients to access all of their health information and copies of medical records will still need to be provided to patients. AMA recommends giving patients the opportunity to access their health data over several different media. The playbook also covers providing health records to third parties at the request of a patient and requests originating from third parties, which are two aspects of the HIPAA Right of Access that have caused confusion for many physician practices.

AMA says in the playbook that healthcare providers need to learn about the capabilities of their EHRs, and discover how patient records can be sent to other healthcare providers, how information can be fed into patient portals, and how to export patient records to USB drives or CDs.

Healthcare providers should also actively encourage patients to take a greater interest in their healthcare and obtain a copy of their health records and check those records for errors. “Most importantly, encourage each patient to use apps and access to health information to become an active champion of his or her health,” says AMA. “Patients can better manage their health by understanding and managing all of their health information.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.