Court vacates certain HIPAA health record access requirements

Jan 29, 2020 - 02:28 PM
supreme-court

A federal court last week voided certain provisions in a 2013 rule modifying the HIPAA privacy, security and enforcement rules under the Health Information Technology for Economic and Clinical Health Act and Genetic Information Nondiscrimination Act, the Department of Health and Human Services’ Office for Civil Rights announced today. In a case challenging provisions that cover an individual’s access to protected health information, the court vacated the “third-party directive” within the individual right of access “insofar as it expands the HITECH Act’s third-party directive beyond requests for a copy of an electronic health record with respect to [protected health information] of an individual … in an electronic format,” OCR said. In addition, the fee limitation set forth in those provisions will apply only to an individual’s request for access to their own records, not to an individual’s request to transmit records to a third party, the agency said. 

Related News Articles

Headline
OCR finalizes rule prohibiting certain reproductive health care disclosures
The Department of Health & Human Services’ Office for Civil Rights April 22 released a final rule prohibiting entities regulated by the HIPAA Privacy Rule…
Headline
Cassidy proposes ways to strengthen health data privacy
Senate Health, Education, Labor & Pensions Committee Ranking Member Bill Cassidy, R-La., Feb. 21 released a report proposing ways to modernize the existing…
Headline
NIST updates HIPAA cybersecurity resource guide 
The National Institute of Standards and Technology this week released updated guidance to help HIPAA-covered entities and business associates assess and manage…
Headline
OCR releases telehealth privacy and security resources for providers, patients
The Department of Health and Human Services’ Office for Civil Rights Oct. 18 released a resource for health care providers who choose to educate patients about…
Headline
HHS updates tool to help providers assess HIPAA security risks
The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology and Office for Civil Rights have updated…
Headline
COVID-19 HIPAA transition period for telehealth expires
Health care providers must comply with the HIPAA rules with respect to telehealth effective Aug. 9 at 11:59 p.m., when the 90-day enforcement discretion period…