This summit was very enlightening and educational. It was a true pleasure representing OHIMA. There were several presentations that caught my attention. One particular presentation was by Aneesh Chopra, President, NavHealth. Aneesh discussed the differences between Right to Access (HIPAA Compliant Authorization) and Right of Access. The distinction between the two was not well known amongst the audience. Right to Access is a right given under HIPAA that allows individuals and or their representatives to obtain access to their protected health information (PHI). This right includes the ability to obtain a copy of their PHI as well as have a covered entity transmit a copy of said PHI to a designated person or entity as specified in the HIPAA compliant authorization. The right to access exists as long as the covered entity or its business associate maintains the information no matter when it was created. The manner in which the record is maintained (electronic, paper, onsite, offsite or archived) does not matter.
Right of Access is the ability to view the designated record set. The Right of Access should be granted by utilizing a separate form than that used for the Right to Access. The form should specifically address the fact that the patient or their representative is being given the right to review their PHI or medical record. The right is not to obtain copies but simply to review them. In the audience there was on only one person who actually had a separate authorization for Right of Access. It was the suggestion of Aneesh that an ROI (Release of Information) Forum be created to share this information as well as the existing authorization form.
Watch for more information from OHIMA and AHIMA on 'Right to Access' and 'Right of Access' in the near future!