What is a Patient Access Request?
When requesting a patient’s records with PatientBank, you will fill out and submit a standard Patient Access Request form.
The only required components of an Access Request, per HIPAA, are to be “in writing, signed by the individual, and clearly identify the designated person and where to send the PHI” (45 CFR 164.524(c)(3)(ii)).
The Patient Access Request form is not the same as a HIPAA Authorization. To learn more about the differences between an Access Request and a HIPAA Authorization, review this table from the Health and Human Services (HHS) Guidance.
Why use a Patient Access Request?
The Patient Access Request allows you to streamline your request process, as you can submit this standard form on behalf of any patient to any provider.
Unlike a HIPAA Authorization, a provider must act on a Patient Access Request within 30 days, and any fees charged to patients must be within the strict limits set by HIPAA (45 CFR 164.524).
What to do if the Patient Access Request is rejected?
At this time, many medical records departments are not familiar with the format and compliance of the Patient Access Request.
If your Access Request is rejected by a medical records department, you can refer their supervisor to the following resources:
- Explanation of the standard Patient Access Request form: https://www.patientbank.us/form
- HHS Guidance: https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/#anch_92
- 45 CFR 164.524: https://www.law.cornell.edu/cfr/text/45/164.524
Per Guidance from HHS, a provider is not permitted to require use of a HIPAA Authorization if a patient submits a Patient Access Request. Per HHS, “a HIPAA authorization is not required for individuals to request access to their PHI, including to direct a copy to a third party.”
If we can provide further support, please reach out by email at firstname.lastname@example.org or by phone at (855) 972-8436.