How Does Your Practice Respond to a Patient’s Right of Access?

How does your practice respond to a patient’s request to access their records? The HIPAA Privacy Rule gives patients the right to see and get copies of their health information. Providers are required to respond to those requests in a timely manner and only charge the patient a reasonable fee. Since the original HIPAA Privacy Rule was published, conflicting guidance has caused a lot of confusion about the process. Patients who have trouble getting copies of their records or are charged high fees for copies have filed complaints with The Office for Civil Rights (OCR). The OCR issued its 27th Right of Access Initiative settlement agreement in March 2022.

Join Abby Mitchell, HCISPP, CRISC, CHPC, CHC, as she gives an update on the OCR’s Right of Access Initiative and walks you through the requirements for patient access requests, permitted fees, and how access requests differ from patient authorizations.

After attending this webinar, an attendee should be able to:

  • Discuss the importance of the patient’s right of access granted by HIPAA
  • Identify the components of a designated record set.
  • Describe the difference between a patient access request and an authorization.
  • Recall guidance on allowable fees for access requests.


Lecturer – Abby Mitchell, HCISPP, CRISC, CHPC, CHC

Abby started her career at a law firm in Cleveland, Ohio. There, she worked on corporate governance, mergers and acquisitions, and securities. After holding a position at GOJO Industries, the inventors of PURELL®; she joined MemberHealth in 2006, which became the third largest Medicare Part D plan nationwide. That company was acquired by CVS Caremark and she left in 2010 to pursue a position in the mining and metals industry as contracts management support to the international strategic sourcing group at Cleveland-Cliffs. In 2014, she joined CoverMyMeds as the manager of contracts administration and legal operations and went on to become the privacy officer and data governance liaison. Abby earned a bachelor’s degree in German translation and paralegal studies from Kent State University and holds several professional certifications in health care privacy, compliance, and information security.

No CE credit for the recorded version.

On-Site Consulting Services Available

Along with your on-site full service program you receive all the compliance components you need to be OSHA compliant. You have access to online training for new hires or those that missed the on-site training. Your TMC consultant will go through your facility and do a thorough facility audit with an electronic report, meet with your Safety Officer and go over the Compliance manual and officer duties. We provide you with a complimentary spill kit, secondary labels, OSHA support, and work with you to achieve OSHA compliance to create a long-lasting relationship with you rather than just providing a how-to-guide that requires you to do all the work. Our goal is to be your primary resources for HIPAA, OSHA, and Infection Control compliance.