HIPAA
2006-11-03 06:41:35 · 1 answers · asked by Ytica P 1 in Politics & Government ➔ Law & Ethics
The Privacy Rules of HIPAA allow the individual to regain control over individually identifiable health information. The individual is guaranteed right of access to inspect and obtain a copy of PHI within 30 days of a request. If the covered entity denies the request in whole or in part, it must provide the individual with a written denial specifying the reasons for the denial, which is appealable by the individual (45 CFR § 164.524, 2002).
In addition, the individual also has the right to amend his or her PHI, such as medical records. If the entity fails to amend as specified by the individual, the individual may appeal this decision as well (45 CFR § 164.526, 2002). The individual must first make his or her appeal through the covered entity's administrative procedures. Thereafter, the decisions may be appealable to the Secretary of the DHHS.
An individual also has the right to receive an accounting of disclosures of PHI made by a covered entity for the last 6 years prior to the date the accounting is requested. Although there are some exceptions, the individual's request for the accounting must be produced within 60 days of the request (45 CFR § 164.528, 2002).
Perhaps one of the most significant controls the individual has over his or her PHI is the ability to request restrictions on a covered entity's use and disclosure of PHI, even when the rules allow otherwise. While a covered entity is not required to agree to an individual's requested restriction, in the event the entity does agree to the restriction, the covered entity can only use or disclose the information for emergency treatment purposes. Furthermore, the restriction can only be terminated by the individual or the covered entity, but only after the individual is informed of the termination (45 CFR § 164.52, 2002).
2006-11-03 06:48:59 · answer #1 · answered by Jackeeeee 3 · 0⤊ 0⤋