Failing to release information to patients

The HIPAA Privacy Rule grants patients or their personal representatives the right to receive, inspect and review their health information, including medical and bill records, on demand. Covered entities must give access to the patient’s medical record within 30 days of the request. In the event that more time is required before the health information is released, the covered entity must give an explanation of the delay within that 30-day time frame, and the patient must be granted access to his medical record within 60 days.

Failing to release information to patients

How HIPAA Help Center can assist covered entities grant access to medical records

Failing to give patients prompt access to their health records violates the HIPAA Privacy Rule. The Policies and Procedures module lets covered entities know they are protected by keeping them up-to-date on which procedures have been implemented in their practices. If a practice has not made it customary to grant access within that 30-day time frame, for example, the application would make that covered entity aware. The Policies and Procedures module also updates a provider’s procedures and practices if the HIPAA Privacy Rule changes.

Frequently asked questions about granting patients access to their medical records:

To what medical records does this rule apply?

Patients or their personal representatives can receive access to both paper and electronic medical records. Additionally, these individuals can request the information in a specific format, and the covered entity typically must comply. However, if the data is not producible in the requested format and the patient and covered entity cannot come to an agreement on a different format, the covered entity can issue a hard copy of the medical record.

Can a covered entity deny access to a patient’s medical record because he has not paid for a service?

No. A covered entity must grant patients access to medical records, even if they have not paid for services.

Can a covered entity deny access to a patient’s medical record under any circumstance?

The Privacy Rule does not give patients the right to access a provider’s psychotherapy notes. This information is kept separately from billing and medical records. If a covered entity denies a patient access to his medical record for any reason, the patient may file an appeal.

Can a covered entity charge patients for access to medical records?

A covered entity cannot charge a fee for the time it takes to search for a medical record. However, a covered entity can charge a reasonable fee to cover cost of time and materials required for copying and mailing the record.

Make time for what matters most
Your Patients