Many patients understand Health Insurance Portability and Accountability Act of 1996 (most commonly known as HIPAA) as a piece of legislation that protects their healthcare data from unauthorized access. However, what a lot of people don’t understand is that HIPAA also gives the patient the right to access their own healthcare information. The Act also gives you the right to govern who accesses your information, correct any details you that you believe are inaccurate and know who has accessed the data in the past.
Sadly, despite this, around three in ten individuals were not aware of their right to access their health information or simply did not believe they had the right to do so. A further four in ten had not ever seen their health information, likely because they did not know how to request the information. Despite this, 80% of people who did access their health records thought it was a beneficial exercise. HIPAA is a complex document, and healthcare professionals receive extensive training on how to interpret and apply it. The vast majority of the public will not have the same level of understanding, but here we set out to inform you of your rights as a patient under HIPAA.
Accessing your healthcare information
Accessing health information can be as simple as putting your request into writing and paying any associated costs (though the OCR encourages healthcare professionals to provide the documents for free, some will still charge for the costs of copying and postage). Unless there is a complication, the healthcare information should be with you within thirty days of the original request.
It is important to note that you cannot be denied access to your healthcare information if you have outstanding bills: your right to access takes precedence over any debts.
You should be offered access to your healthcare data in either electronic or hard-copy format, whichever works best for you. If you opt for an electronic format, you can have the data sent to a mobile device of your choosing, as well as any caretakers, friends, or family members. We strongly recommend that you encrypt or otherwise protect all healthcare data requested in electronic format.
If, after accessing your health information, you realize that there’s an error on your record you may request that changes are made to the document. This can be to change the error, remove any incorrect information or to add in the information you believe has been incorrectly omitted.
The healthcare provider must agree on the changes, but even if there is a disagreement you can still have your proposed amendments noted on the file. Documents should be updated within 60 days of the request.
Who has accessed your data?
Under HIPAA, your health data is protected by law and should only be accessed by relevant healthcare professionals or other authorized individuals. However, there are some scenarios in which your health data is disclosed to individuals not directly related to your care (for example, for tracking disease outbreaks). You may request to see who has accessed the documents and find out how your information has been used.