Patient access to their helath information is guaranteed by HIPAA and is a "fundamental component of a high quaity, person-centered health system," according to a post on the Office of the National Coordinator for Health IT's blog.

Authored by National Coordinator Karen DeSalvo, MD, MPH, MSC, and Chief Privacy Officer Lucia Savage, the post discusses the recently updated Frequently Asked Questions that clarify how an individual’s right to access their individual health information operates, including key points related to electronic health information sharing. "In order to effectively manage their health, individuals need to be able to access and use their health information when, where, and how they want, including sending it to the people and tools helping them become or stay healthy--neighbors, friends, relatives, healthcare providers who are treating or consulting with the individual, or even third-party software tools used for self-management," they wrote. 

The U.S. Department of Health and Human Services Office for Civil Rights is the entity responsible for interpreting and enforcing HIPAA and its updated guidance makes it clear that accessing and obtaining copies of one's health infromation is a right, not a privilege. This right extends to a broad array of information, including labs, images, prescription history, physician notes, diagnoses and similar information.

The right includes access to an electronic copy of one’s health information contained in an EHR or otherwise maintained in an electronic format, whenever the provider or its business associate is capable of producing an electronic copy, not just if they are willing to produce such information. Functions specified in ONC’s regulations on Certified EHR Technology empower individuals to take advantage of this HIPAA right because ONC’s rule makes transmission by the consumer a required functionality of certified EHR software.

This kind of patient access is part of the learning health system laid out in the national interoperability roadmap issued by ONC last year. "The roadmap, developed with input from the private sector and consumers, champions access to one’s health information as a critical underpinning of a vibrant, learning health system where individuals are at the center of their care and where providers can seamlessly and securely access and use health information from different sources," the blog reads.

The updated FAQs lets HIPAA-covered entities off the hook for disclosure of protected health information while in transmission to the individual. Covered entities also are not responsible for safeguarding the information once delivered to the individual.

"We hope all stakeholders will step up and embrace this guidance and these shared commitments," write DeSalvo and Savage. "This is a major step forward that will advance our goals of nationwide interoperability and a system of better care, smarter spending and healthier people."