Raising the Bar on Compliance with the Right of Access

Calendar Icon June 21, 2019
Reading Time Icon Read Time: 2 min
By Ciitizen

For nearly a year I have been posting about the core elements of the HIPAA Privacy Rule’s right of individuals to access and receive copies of all of their of their health information.

We’ve also been posting about Ciitizen’s experience in helping our users leverage this HIPAA right to get all of their health information. There are some exceptions, but in general this experience has been characterized by multiple phone calls per request, long hold times, refusals to send records digitally, resistance to sending records to the patient’s designee, and high fees.

But by far, the most frustrating aspect of helping our users get their health information are staff who seem to have no knowledge of what the HIPAA Privacy Rule Right of Access requires, which translates into unnecessary obstacles for patients. Most patients don’t know enough about HIPAA to push back on the misinformation. And unfortunately too many patients give up because the process of getting their health information is too hard.

We can do better.

I helped write OCR’s guidance on the HIPAA Right of Access, which was published in 2016 — and it is immensely frustrating (personally and professionally) to see that the guidance really hasn’t made much of a difference in providing patients with easy access to their health information.

I came to Ciitizen to help change this dynamic. We want to raise the bar on compliance with the HIPAA Right of Access — and make sure patients know their rights.

We will be part of the solution.

Starting now.


For starters, we’re offering free webinars for health information management professionals and compliance staff on the Right of Access — what are the essential elements, and what are we seeing in the field in terms of common areas of noncompliance.

We held the first HIPAA Right of Access Webinar this week. We were joined by Adam Greene, Partner at Davis Wright Tremaine LLP, who is also a veteran of HHS (both in the Office of the General Counsel and at OCR) and who advises clients every day on how to comply with all aspects of HIPAA.

Adam also talked about common areas of noncompliance that he sees, as well as issues that are challenging for professionals to navigate.

The webinar was very well-received by attendees — a recording is available HERE for those who were not able to attend.

Don’t worry if you missed it — we’ll be doing a free webinar series through at least the rest of the year, with the next webinar to take place on July 17th, 2019. Sign up HERE.

We’re also happy to give private webinars to help providers (and contractors) train their staff.

Raising the bar on patient access also means educating patients on their rights — and we’re doing that as well! If you’re a patient advocacy organization, please contact Stacey Tinaniov, our Director of Advocacy and Engagement, at stacey@ciitizen.com to chat about opportunities to educate your members about their access rights under HIPAA.

I’m no longer from the government — but I’m still here to help. Please e-mail us at webinars@ciitizen.com to get on our mailing list and if you have further questions or suggestions about how we can help you.

Share this insight