Chapter 7: Individual PHI Rights
It is not only the covered entities who have a right to follow HIPAA rules and regulations. Under the HIPAA act the consumers of services also have certain rights. Individuals have the right to keep their health information private whether it is stored on paper or electronically. This act also governs how long-term care facilities, hospitals, ambulatory care centers and other health care providers use and share information about provisions of health care, and health status.
In accordance with The U.S. Department of Health and Human Services (HHS) the consumer has the right to:
- Ask to see and get a copy of their health records. The entity must provide a summary of the consumers’ records during a time period. There may be a fee charged by the entity for this service.
- Have corrections added to their health information. This request to correct their health information must be done in writing.
- Receive a notice that tells you how your health information may be used and shared. This notice is similar to the one that credit card companies or banks use to show how a consumer’s personal information is used. The notice should include information about consumer’s rights under HIPAA. This notice should always be kept in the individual’s file.
- Decide if you want to give permission before your health information can be used or shared for certain purposes, such as for marketing. To disclose any information proper authorization must be obtained from the consumer. The authorization must state what information and how it will be disclosed.
- Get a report on when and why your health information was shared for certain purposes. Consumer can see what disclosures have been made in the past 6 years.
Consumer Written Authorization Exceptions
- If disclosure is needed for purposes of national security
- Any judicial/court/agency hearings
- Workers’ compensation claims
- When identifying a deceased individual
- OSHA 300 logs required by companies