BIOETYKA / WPROWADZENIE

BIOETYKA / WPROWADZENIE - Przeglądy aktów prawnych

The HIPAA (Health Insurance Portability and Accountability Act) – U.S. Department of Health & Human Services 1996

PROVISION  

WHO MAY EXERCISE THE RIGHT OF ACCESS?

Individuals and Personal Representatives. While the Privacy Rule’s right of access belongs primarily to the individual who is the subject of the PHI, the Privacy Rule also generally requires that persons who are legally authorized to act on behalf of the individual regarding health care matters be granted the same right of access. See 45 C.F.R. § 164.502(g)(1).

CONTENT ‐ DESIGNATED RECORD SETS 

An individual’s right of access generally applies to the information that exists within a covered entity’s designated record set(s), including: (1) a health care provider’s medical and billing records, (2) a health plan’s enrollment, payment, claims adjudication, and case or medical management record systems, and (3) any information used, in whole or in part, by or for the covered entity to make decisions about individuals. A record is any item, collection, or grouping of information that includes PHI and is maintained, collected, used, or disseminated by or for the covered entity. See 45 C.F.R. § 164.501 (definition of “designated record set”).

GROUNDS FOR DENIAL OF ACESS  

The Privacy Rule contemplates circumstances under which covered entities may deny an individual access to PHI and distinguishes those grounds for denial which are reviewable from those which are not.

Unreviewable grounds for denial are: situations involving (i) psychotherapy notes, information compiled for use in legal proceedings, and certain information held by clinical laboratories; (ii) certain requests which are made by inmates of correctional institutions; (iii) information created or obtained during research that includes treatment if certain conditions are met; (iv) denials permitted by the Privacy Act; and (v) information obtained from non-health care providers pursuant to promises of confidentiality. See 45 C.F.R. § 164.524(a)(2).

Reviewable grounds for denial are: (i) disclosures which would cause endangerment of the individual or another person; (ii) situations where the PHI refers to another and disclosure is likely to cause substantial harm; and (iii) requests made by a personal representative where disclosure is likely to cause substantial harm. See 45 C.F.R. § 164.524(a)(3).