What is a Patient Access Request?
PatientBank developed a standard Patient Access Request form, in accordance with the requirements set by 45 CFR 164.524.
The only required components of an Access Request, per HIPAA, are to be “in writing, signed by the individual, and clearly identify the designated person and where to send the PHI” (45 CFR 164.524(c)(3)(ii)).
For further explanation of how the PatientBank form complies with HIPAA, please visit https://www.patientbank.us/form.
Patient Access Request vs. HIPAA Authorization
The Patient Access Request form is not the same as a HIPAA Authorization. To learn more about the differences between an Access Request and a HIPAA Authorization, review this table from the Health and Human Services (HHS) Guidance.
Unlike a HIPAA Authorization, a provider must act on a Patient Access Request within 30 days, and any fees charged to patients must be within the strict limits set by HIPAA (45 CFR 164.524).
Per Guidance from HHS, a provider is not permitted to require use of a HIPAA Authorization if a patient submits a Patient Access Request. Per HHS, “a HIPAA authorization is not required for individuals to request access to their PHI, including to direct a copy to a third party.”
If we can provide further support, please reach out by email at firstname.lastname@example.org or by phone at (855) 972-8436.