HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Patents Rights to Medical Test Data Improved under HIPAA

Access to personal healthcare information empowers patients to take charge of their health and work alongside their care providers. Gaining access to information has now become easier following the issuing of the final rule amending the Clinical Laboratory Improvement Amendments of 1988 (CLIA).

The new change, which was announced today, allows a patient or his or her nominated representative to access the complete laboratory reports following medical testing. Previously a restriction existed under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule preventing access to the data in certain circumstances.

As before, patients will be able to obtain their test results from their doctor, although now they are also able to request the information directly from the laboratory that conducted the tests. The new law ensures patient data is kept private with strong protections in place to prevent unauthorized access while ensuring the patient is provided with timely information they can use to improve their health.

Three agencies within the HHS are responsible for the introduction of the new law: The Centers for Disease Control and Prevention (CDC), Centers for Medicare & Medicaid Services (CMS) and the Office for Civil Rights (OCR), with the latter responsible for enforcing the new HIPAA regulations.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Although medical data must be released on request, a laboratory is allowed up to 30 days from receiving a written request and a copy of the data. Paper or electronic copies of the data can be obtained, although the patient should be prepared to meet the cost of postage, printing or for the medium on which the data is provided – a CD or memory stick for example.

It is essential that the person collecting the results is able to verify they are authorized to access the results. CLIA laboratories have some flexibility regarding the methods they can use to verify the identity of the patient or his or her representative and while verbal requests may be accepted, patients should be prepared to make the request in writing.

There has been some concern raised within the healthcare industry that the provision of the results would also require the laboratory or pathologists to explain test results to patients; however the patient’s physician remains the first point of contact and should explain results. The new ruling merely ensures that patients are given access to their medical data and laboratory staff should refer the patient back to their primary healthcare provider for further information. Test results must be interpreted by a physician who has access to the patient´s full medical history.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.