Health Information Compliance Alert
Do You Need To Provide Patients With Really Old Health Data?
PDF
Question: A patient has asked for copies of his medical records, but he wants records from many years ago — long before we began using our current records system. The records are so old, in fact, that we’ve archived them and store them at another location. Do we still need to comply with the patient’s record request for these old records?
Answer: Yes, you must provide these records. According to guidance from the U.S. Department of Health and Human Services (HHS), an individual has a right to access their protected health information (PHI) in a medical record or other designated record set that a covered entity (CE) maintains, regardless of the date the PHI was created.
Whether you maintain this data onsite or remotely, or whether it is archived, also doesn’t matter. HIPAA provides very limited grounds under which a CE may deny an individual access to his PHI in a designated record set, but these grounds do not include the age or location of the PHI.
For more information on an individual’s right to access PHI, see the HHS guidance at www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html.
Health Information Compliance Alert
- Case Study:
Lesson Learned: Go The Voluntary Compliance Route
And beware that an ALJ will likely back OCR’s decision. When it comes to HIPAA [...] - Security Rule:
Find Out What The FDA Has In Store For Medical Device Security
Employ these 5 strategies now to add your own layer of protection. Medical devices like [...] - Toolkit:
Take 4 Steps To Complete A Thorough Post-Breach Risk Assessment
Consider what you’ve done to mitigate the risks to the exposed PHI. If you’re confused [...] - Reader Question:
What Is 'Ransomware' & How Can You Combat This Threat?
Question: We’ve been hearing a lot about “ransomware” lately. Is this similar to malware? How can [...] - Reader Question:
Is Life Insurance Data Considered PHI?
Question: Is personal information collected, stored, and transmitted as part of a life insurance (rather than [...] - Reader Question:
Do You Need To Provide Patients With Really Old Health Data?
Question: A patient has asked for copies of his medical records, but he wants records from [...] - Enforcement News:
Pay Attention To Risky BYOD Trends
Plus: Your mobile health app could be the weak link in your security chain. The [...]