Patient Rights Under HIPAA — All Six Rights

Duration: 55 min · Level: Intermediate · Module: 5. HIPAA Privacy Rule · Focus: patient-rights, access, amendment, accounting, HIPAA

Learning objectives

By the end of this lesson you will be able to explain and apply:

  • Right 1 — Access
  • Right 2 — Amendment
  • Right 3 — Accounting of Disclosures
  • Right 4 — Restrictions
  • Right 5 — Confidential Communications

Why this matters

HIPAA grants patients six distinct rights regarding their health information.

Overview

HIPAA grants patients six distinct rights regarding their health information. CEHRS specialists process requests for these rights daily. Knowing the timeframes, allowable fees, and required responses for each right is essential for the exam and for daily work.

Key concepts

Key idea

  • Right 1 — Access: patients may request a copy of their medical records; covered entity must provide within 30 days (one 30-day extension allowed); reasonable cost-based fee permitted; must provide in requested format if readily producible; cannot deny access because balance is owed
  • Right 2 — Amendment: patients may request corrections to their records; covered entity may deny if record was not created by the entity, if the information is accurate and complete, or if it is not part of the designated record set; if denied, patient may file a statement of disagreement
  • Right 3 — Accounting of Disclosures: patients may request a list of disclosures of their PHI for the past 6 years (not including treatment, payment, or operations disclosures); must be provided within 60 days
  • Right 4 — Restrictions: patients may request restrictions on use/disclosure; covered entity does NOT have to agree EXCEPT: must agree to restrict disclosure to health plan when patient pays out-of-pocket in full and disclosure is not required by law
  • Right 5 — Confidential Communications: patients may request to receive communications by alternative means (different address, phone number); covered entity must accommodate reasonable requests without requiring explanation
  • Right 6 — Opt Out of Fundraising: patients may opt out of receiving fundraising communications from their healthcare provider at any time; opt-out must be honored in future communications

Check your understanding

Try to recall each answer before expanding it.

Q1. What do you know about Right 1?

Access: patients may request a copy of their medical records; covered entity must provide within 30 days (one 30-day extension allowed); reasonable cost-based fee permitted; must provide in requested format if readily producible; cannot deny access because balance is owed

Q2. What do you know about Right 2?

Amendment: patients may request corrections to their records; covered entity may deny if record was not created by the entity, if the information is accurate and complete, or if it is not part of the designated record set; if denied, patient may file a statement of disagreement

Q3. What do you know about Right 3?

Accounting of Disclosures: patients may request a list of disclosures of their PHI for the past 6 years (not including treatment, payment, or operations disclosures); must be provided within 60 days

Q4. What do you know about Right 4?

Restrictions: patients may request restrictions on use/disclosure; covered entity does NOT have to agree EXCEPT: must agree to restrict disclosure to health plan when patient pays out-of-pocket in full and disclosure is not required by law

Q5. What do you know about Right 5?

Confidential Communications: patients may request to receive communications by alternative means (different address, phone number); covered entity must accommodate reasonable requests without requiring explanation

Part of Module 5: HIPAA Privacy Rule.