On August 30, 2018, in honor of the 22nd anniversary of the introduction of HIPAA, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) and the Office of the National Coordinator for Health Information Technology (“ONC”) released a blog post entitled “HIPAA & Health Information Portability: A Foundation for Interoperability.” This blog post outlines the initiatives HHS and its components, including the Centers for Medicare & Medicaid Services (“CMS”) and the National Institutes for Health (“NIH”), have recently taken to improve individual access to health information and to promote the secure portability of health information. For example, OCR and ONC have initiated a campaign to encourage individuals to “get, check, and use” their health information and to take advantage of their right to access their health information as a means of taking greater control over their health care decisions. These resources for individuals are available here. Moreover, OCR and ONC have issued guidance and training resources about the HIPAA right of access for health care providers. The training module for health care providers about patients’ right of access is available here.

Additionally, CMS has asked for comment on whether CMS should make interoperability a requirement for providers that participate in the Medicare program. See “Speech: Medicare Remarks by CMS Administrator Seema Verma at the Commonwealth Club of California” available here. Furthermore, NIH has established a research program that will require the portability of health information.

The HHS blog post is available here.

Our take

This guidance suggests that HHS is cracking down on violations of the HIPAA individual right of access. Therefore, health care organizations must be cognizant of the importance of providing individuals with access to their health information within 30 days (and no later than 60 days) of the individual’s request.