Healthcare providers can reject requests to access Protected Health Information (PHI) under specific circumstances. These regulations divide the grounds for denial into unreviewable and reviewable categories.
See also: HIPAA Compliant Email: The Definitive Guide
Unreviewable grounds for denying access to PHI
Unreviewable grounds for denying a patient's access to their PHI are specific conditions where a healthcare provider can refuse a patient's request to access their PHI, and this decision is final and not subject to review.
- Psychotherapy notes or legal proceedings: Access to psychotherapy notes or information compiled for legal proceedings can be denied. This is because such information is highly sensitive and requires a higher level of confidentiality.
- Inmate requests in correctional institutions: If an inmate in a correctional facility requests their PHI, this request can be denied. The denial is permissible if providing the PHI could jeopardize the health, safety, security, custody, or rehabilitation of anyone in the institution, including other inmates, or affect the safety of staff and others involved in transporting the inmate.
- PHI in ongoing research studies: Access to PHI that is part of an active research study, such as a clinical trial, can be denied. This applies if the patient agreed to suspend their access rights when consenting to participate in the research. Their right to access the PHI is reinstated after the completion of the research.
- Privacy Act protected records: If the PHI is protected under the Privacy Act, such as records held by a federal agency, access can be denied. This denial is valid if providing access would conflict with the requirements of the Privacy Act.
- Confidentially obtained information: When PHI is obtained from a source other than a health care provider (like a family member) under a promise of confidentiality, access can be denied. This is especially the case if giving access would likely reveal the source of the information.
See also: Report reveals more patients are accessing health data online
Reviewable grounds for denying access to PHI
Reviewable grounds for denying patients access to their PHI refers to specific situations where a healthcare provider can initially refuse access, but the decision is subject to review. These grounds are primarily centered around concerns for safety and harm.
- Endangerment to life or safety: If a licensed healthcare professional believes that allowing access to PHI is likely to endanger the life or physical safety of the individual requesting it or another person, they can deny access. This ground does not extend to concerns about psychological or emotional harm.
- Potential harm to others: If access to the PHI is likely to cause substantial harm to a person (other than a healthcare provider) who is referenced in the PHI, the provider can deny the request.
- Harm through personal representatives: If a personal representative requests the PHI of the individual (such as a family member or legal guardian), and it's believed that providing access is likely to cause substantial harm to the individual or another person, the request can be denied.
See also: Authorized access to medical records is important, too
Subscribe to Paubox Weekly
Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.