Patient requests under HIPAA provide individuals the right, under certain circumstances, to access, inspect and obtain copies of PHI that is maintained in a “designated record set.”
The following are examples of different requests and disclosures that may arise, such as:
Since we already discussed medical record requests and retention in our previous tip, you can click here to read the requirements.
A definition of disclosure is “the release, transfer, provision of access to, or divulging in any other manner of information outside the entity holding the information.”
By law, patients can get a copy of all disclosures within the past six years. Even though they may not ask for it, your compliance team or representative will be responsible for ensuring disclosures are up to date for electronic or faxed PHI.
The purpose of the NPP is to inform patients of your policies and how you will disclose or protect their PHI.
Compliance plays a role in training and educating staff on the use of NPPs. They must explain the importance of asking the patient to sign the form. And, even if the patient chooses not to sign, this still must be recorded.
As always, please be sure to create clear policies and procedures to explain to your staff and patients how to handle requests and disclosures.
**The opinions and observations from the group/author are not a promise to exempt your practice from fines and penalties. Research, modify, and tailor the advice to fit your specialty.