 |
|
|
 |
|
8. INDIVIDUAL'S RIGHTS RELATED TO
PHI:
|
164.524 |
|
|
|
|
|
Access of Individuals
to PHI: |
|
164.524(a)(1) |
|
|
|
| |
|
Right of access: An individual has a
right of access to inspect and obtain a copy of PHI about the individual
in a designated record set, for as long as the PHI is maintained
in the designated record set, except for:
8.1.1.1. |
Psychotherapy notes;
|
8.1.1.2. |
Information compiled in
reasonable anticipation of, or for use in, a civil, criminal,
or administrative action or proceeding; and
|
8.1.1.3. |
PHI maintained by a CE that
is: subject to the Clinical Laboratory Improvements Amendments
of 1988 (CLIA), to the extent the provision of access to the
individual would be prohibited by law; or exempt from CLIA.
|
|
|
164.524(a)(2) |
|
|
|
| |
|
Denial of right
of access without right of review: A CE may deny an individual
access without providing the individual an opportunity for review,
in the following circumstances:
8.1.2.1. |
The PHI is excepted from
the right of access [¶ 8.1.1.]; |
8.1.2.2. |
CE that is
a correctional institution or a covered health care provider
acting under the direction of the correctional institution may
deny, in whole or in part, an inmate's request to obtain a copy
of PHI, if obtaining such copy would jeopardize the health,
safety, security, custody, or rehabilitation of the individual
or of other inmates, or the safety of any officer, employee,
or other person at the correctional institution or responsible
for the transporting of the inmate; |
8.1.2.3. |
An individual's access to
PHI created or obtained by a covered health care provider in
the course of research that includes treatment may be suspended
while the research is in progress if the individual agreed to
the denial of access when consenting to participate in the research,
and the provider informed the individual that right of access
will be reinstated upon completion of the research; |
8.1.2.4. |
An individual's access to
PHI contained in records subject to the Privacy Act (5 U.S.C.
552a) may be denied in accordance with the requirements of the
Act; |
|
8.1.2.5. |
The PHI was obtained from someone other
than a health care provider under a promise of confidentiality
and the access requested would be reasonably likely to reveal
the source of the information.
|
|
|
164.524(a)(3) |
|
|
|
| |
|
Denial of right
of access with right of review: CE may deny an individual access,
provided that the individual is given a right to have such denials
reviewed, in the following circumstances:
8.1.3.1. |
A licensed health care professional
has determined, in the exercise of professional judgment, that
the access requested is reasonably likely to endanger the life
or physical safety of the individual or another person; |
8.1.3.2. |
The PHI makes
reference to another person (not a health care provider) and
a licensed health care professional has determined, in the exercise
of professional judgment, that the access requested is reasonably
likely to cause substantial harm to such other person, or; |
8.1.3.3. |
The request for access is made by the
individual's personal representative and the PHI makes reference
to another person (not a health care provider) and a licensed
health care professional has determined, in the exercise of
professional judgment, that the access requested is reasonably
likely to cause substantial harm to the individual or another
person.
|
|
|
164.524(a)(4);
164.524(d)(4) |
|
|
|
| |
|
8.1.3.4. |
If access is denied based
on one of the grounds set forth in ¶ 8.1.3.1. to ¶
8.1.3.3., the individual has the right to have the denial reviewed
by a licensed health care professional, designated by the covered
entity to act as a reviewing official, who did not participate
in the original decision to deny. The covered entity must promptly
refer a request for review to the reviewing official, who must
then determine, within a reasonable period of time, whether
or not to deny the access requested based on the grounds set
forth above. The covered entity must promptly provide written
notice to the individual of the reviewing official's determination,
and must provide or deny access in accordance with the determination. |
|
|
164.524(b) |
|
|
|
| |
|
Requests for access;
timely action:
8.1.4.1. |
CE must permit an individual
to request access to inspect or to obtain a copy of the PHI
about the individual that is maintained in a designated record
set. CE may require individuals to make requests for access
in writing, provided that it informs individuals of such a requirement. |
8.1.4.2. |
CE must act on a request
for access no later than 30 days after receipt of the request
as follows.
8.1.4.2.1. |
If CE grants the request,
in whole or in part, it must inform the individual of
the acceptance of the request and provide the access requested,
as set forth in ¶ 8.1.5.; |
8.1.4.2.2. |
If the CE denies the
request, in whole or in part, it must provide the individual
with a written denial, as set forth in ¶ 8.1.6. |
|
8.1.4.3. |
If the request for access
is for PHI that is not maintained or accessible to the CE on-site,
the CE must act on the request no later than 60 days from the
receipt of the request. |
8.1.4.4. |
If the CE is unable to act
on the request within the appropriate time limit (30 or 60 days,
as applicable), the CE may extend the time for such actions
by no more than 30 days, provided that the CE, within the appropriate
time limit, as applicable, provides the individual with a written
statement of the reasons for the delay and the date by which
the CE will complete its action on the request. The CE may have
only one such extension of time for action on a request for
access. |
|
|
| |
|
|
|
|
| |
|
|
|
|
