How Does Your Practice Respond to a Patient’s Right of Access?

How does your practice respond to a patient’s request to access their records? The HIPAA Privacy Rule gives patients the right to see and get copies of their health information. Providers are required to respond to those requests in a timely manner and only charge the patient a reasonable fee. Since the original HIPAA Privacy Rule was published, conflicting guidance has caused a lot of confusion about the process. Patients who have trouble getting copies of their records or are charged high fees for copies have filed complaints with The Office for Civil Rights (OCR). The OCR issued its 27th Right of Access Initiative settlement agreement in March 2022.

Join Abby G. Mitchell, HCISPP, CRISC, CHPC, CHC, as she gives an update on the OCR’s Right of Access Initiative and walks you through the requirements for patient access requests, permitted fees, and what to consider when developing your process.

After attending this webinar, an attendee should be able to:

  • Discuss the importance of the patient’s right of access granted by HIPAA
  • Identify the components of a designated record set.
  • Describe the different types of access requests.
  • Recall guidance on allowable fees for access requests.


Lecturer – Abby G. Mitchell, HCISPP, CRISC, CHPC, CHC

Abby began her career as a corporate paralegal and has worn many hats in large companies as well as healthcare startups. Prior to joining Total Medical Compliance, she served as Privacy Officer and Data Governance Liaison at CoverMyMeds. Abby earned a bachelor’s degree in German translation and paralegal studies from Kent State University and holds privacy and security certifications from the Health Care Compliance Association, ISACA, and ISC2. She currently volunteers as the Vice President of the Charlotte, North Carolina Chapter of the Information Systems Security Association.

No CE credit for the recorded version.

On-Site Consulting Services Available

Along with your on-site full service program you receive all the compliance components you need to be OSHA compliant. You have access to online training for new hires or those that missed the on-site training. Your TMC consultant will go through your facility and do a thorough facility audit with an electronic report, meet with your Safety Officer and go over the Compliance manual and officer duties. We provide you with a complimentary spill kit, secondary labels, OSHA support, and work with you to achieve OSHA compliance to create a long-lasting relationship with you rather than just providing a how-to-guide that requires you to do all the work. Our goal is to be your primary resources for HIPAA, OSHA, and Infection Control compliance.