[{"innerBlocks":[],"name":"core\/freeform","postId":58,"blockType":{"name":"core\/freeform","keywords":[],"attributes":{"content":{"type":"string","source":"raw"},"lock":{"type":"object"}},"providesContext":[],"usesContext":[],"selectors":[],"supports":{"className":false,"customClassName":false,"reusable":false},"styles":[],"variations":[],"apiVersion":3,"title":"Classic","description":"Use the classic WordPress editor.","category":"text"},"originalContent":"The United States District Court for the District of Columbia has voided certain HIPAA health record access requirements, according to the Department of Health and Human Services\u2019 Office for Civil Rights.In Ciox Health vs. Alex Azar, the federal court last week vacated specific provisions in a 2013 rule modifying the HIPAA privacy, security and enforcement rules under the Health Information Technology for Economic and Clinical Health Act and Genetic Information Nondiscrimination Act.\u201cA portion of that rule was challenged in federal court, specifically provisions within 45 C.F.R. \u00a7164.524, that cover an individual\u2019s access to protected health information,\u201d according to an OCR announcement. HHS adopted the 2013 rule to limit what companies may charge for delivering protected health information (PHI)\u2014restrictions known as the Patient Rate. And, in 2016, the agency issued further guidance which mandated that the Patient Rate applies even to requests to deliver PHI to third parties. However, U.S. District Court Judge Amit Mehta, in his January 23 decision<\/a>, declared unlawful and vacated the 2013 Omnibus Rule \u201cinsofar as it expands the HITECH Act\u2019s third-party directive beyond requests for a copy of \u201can [EHR] with respect to [PHI] of an individual ... in an electronic format.\u201d

In addition, Mehta declared unlawful and vacated the 2016 guidance \u201cinsofar as it, without going through notice and comment, extends the Patient Rate to reach third-party directives.\u201dThe plaintiff in the court case was Ciox Health, a Georgia-based company that manages health data requests, including maintaining, retrieving and producing individuals\u2019 PHI. In particular, Ciox challenged the 2016 expansion of the Patient Rate as \u201cviolative of the procedural and substantive protections of the Administrative Procedure Act,\u201d according to the court.\u201cBefore the 2016 guidance, the industry understood that the Patient Rate applied only to personal use requests for PHI and not to third-party directives under the HITECH Act, and it structured its contracts and pricing models accordingly,\u201d observed the court. \u201cThe 2016 guidance, however, upended that understanding, as it declared that the Patient Rate applied to all requests for PHI initiated by an individual, even if such information was requested for use by a third party, like an insurance company or a law firm.\u201d While the court declared unlawful and vacated the 2016 Patient Rate expansion and the 2013 mandate broadening PHI delivery to third parties regardless of format, OCR issued a statement reaffirming that \u201cthe right of individuals to access their own records and the fee limitations that apply when exercising this right are undisturbed and remain in effect."","saveContent":"The United States District Court for the District of Columbia has voided certain HIPAA health record access requirements, according to the Department of Health and Human Services\u2019 Office for Civil Rights.In Ciox Health vs. Alex Azar, the federal court last week vacated specific provisions in a 2013 rule modifying the HIPAA privacy, security and enforcement rules under the Health Information Technology for Economic and Clinical Health Act and Genetic Information Nondiscrimination Act.\u201cA portion of that rule was challenged in federal court, specifically provisions within 45 C.F.R. \u00a7164.524, that cover an individual\u2019s access to protected health information,\u201d according to an OCR announcement. HHS adopted the 2013 rule to limit what companies may charge for delivering protected health information (PHI)\u2014restrictions known as the Patient Rate. And, in 2016, the agency issued further guidance which mandated that the Patient Rate applies even to requests to deliver PHI to third parties. However, U.S. District Court Judge Amit Mehta, in his January 23 decision<\/a>, declared unlawful and vacated the 2013 Omnibus Rule \u201cinsofar as it expands the HITECH Act\u2019s third-party directive beyond requests for a copy of \u201can [EHR] with respect to [PHI] of an individual ... in an electronic format.\u201d

Court vacates ‘third-party directive’ within individual right of access

More for you