Under the Meaningful Use requirements, additional rights apply as well. For example, as your practice gains the capability to demonstrate Stage 2 Meaningful Use, you will be required to respond to any requests from your patients to transmit an electronic copy of PHI directly to persons or entities they designate. An individual may request that you transmit PHI in your records to his or her Personal Health Record (PHR) or to another physician. Your EHR developers, as your BAs, must cooperate in this obligation.

​

Amending Patient Information

Under the HIPAA Rules, patients have the right to request that your practice amend their PHI in a designated record set. Generally, a CE must honor the request unless it has determined that the information is accurate and complete. The CE must act on an individual’s request for an amendment no later than 60 days after the receipt of the request. If you accept an amendment request, your practice must make the appropriate amendment by identifying the records in the designated record set that are affected by the amendment and providing a link to the location of the amendment. If you refuse the request, additional requirements, including the patient’s right to file a statement of disagreement that stays with the health record, apply.

​

Accounting of Disclosures

 

Individuals have a right to receive an accounting of disclosures of their PHI made by your practice to a person or organization outside of your practice. An accounting of disclosures is a listing of the:

• Names of the person or entity to whom the PHI was disclosed

• Date on which the PHI was disclosed

• Description of the PHI disclosed

• Purpose of the disclosure This right to an accounting is limited, as the Rule does not require you to include disclosures made for treatment, payment, heath care operations, and several other purposes and situations. Your practice is required to provide an accounting of disclosures for the six years prior to the date on which the accounting was requested.

​

Rights to Restrict Information

 

Individuals have the right to request that your practice restrict certainly:

• Uses and disclosures of PHI for treatment, payment, and health care operations

• Disclosures to persons involved in the individual’s health care or payment for health care

• Disclosures to notify family members or others about the individual’s general condition, location, or death If your patient (or another person on behalf of the individual) has fully paid out-of-pocket for a service or item and also requests that the PHI not be disclosed to his/her health plan, your practice cannot disclose the PHI to a health plan for payment or health care operations. You should implement policies and procedures that ensure this directive can be carried out. Right to Confidential Communications Your practice must accommodate reasonable requests by your patients to receive communications from you by the means or at the locations they specify. For example, they may request those appointment reminders be left on their work voicemail rather than home phone voicemail.

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​