On February 6, 2014, the U.S. Department of Health & Human
Services' (HHS) Centers for Medicare & Medicaid Services
(CMS), Centers for Disease Control and Prevention (CDC), and Office
for Civil Rights jointly published a final rule amending the HIPAA Privacy Rule and
the Clinical Laboratory Improvement Amendments of 1988 (CLIA)
regulations to provide patients with direct access to laboratory
test reports. HHS believes that a right to access these test
reports under HIPAA is crucial to provide patients with vital
information to empower them to better manage their health and take
action to prevent and control disease. The amendments to both
regulations become effective April 7, 2014, and HIPAA-covered
laboratories must comply with the new right by October 6, 2014.
Under the currently enforced Privacy Rule, a patient's right
to access his or her protected health information (PHI) is limited
with respect to PHI maintained by a CLIA laboratory or a
CLIA-exempt laboratory. This limitation was included in the Privacy
Rule because the existing CLIA regulations may prohibit
such laboratories from disclosing this information. Currently, a
CLIA laboratory may only disclose laboratory test results
to three categories of individuals or entities: (1) the
"authorized person," (2) the health care provider who
will use the test results for treatment purposes, and (3) the
laboratory that initially requested the test. An "authorized
person" is the individual authorized under state law to order
or receive test results. If a state does not authorize patients to
receive their test results, the patients must receive this
information from their health care providers.
The final rule modifies the CLIA regulations to allow
laboratories subject to CLIA, upon the request of a patient (or the
patient's personal representative), to provide access to
completed test reports that – using the laboratory's
authentication process – can be identified as belonging to
that patient. With respect to the Privacy Rule, the final rule
removes the exceptions to a patient's right of access related
to CLIA and CLIA-exempt laboratories. Therefore, as of October 6,
2014, HIPAA-covered laboratories will be required to
provide a patient or his or her personal representative with
access, upon request, to the patient's completed test reports,
as well as to other PHI maintained in a designated record set. For
purposes of the final rule, test reports are not part of a
designated record set until they are "complete." A test
report is considered complete when all results associated with an
ordered test are finalized and ready for release. These changes to
the Privacy Rule preempt any contrary state laws that prohibit a
HIPAA-covered laboratory from providing patients direct access to
their completed test results.
In order to comply with the amended Privacy Rule, HIPAA-covered
laboratories should develop and implement a policy and procedure to
receive and respond to patient requests. Processing a request for a
test report, either manually or electronically, will require
completion of the following steps: (1) receipt of the request from
the individual; (2) authentication of the identification of the
individual; (3) retrieval of test reports; (4) verification of how
and where the individual wants the test report to be delivered and
provision of the report by mail, fax, email or other electronic
means; and (5) documentation of test report issuance. Additionally,
HIPAA-covered laboratories must revise their notice of privacy
practices to inform patients of their right to access completed
test reports, including a brief description of how to exercise the
right, and removing any statements to the contrary.
This amendment to the regulations is consistent with OCR's
focus on improving patients' rights under the Privacy Rule, and
represents another important aspect of policy change and
documentation efforts for HIPAA-covered entity providers.
This article is presented for informational purposes only
and is not intended to constitute legal advice.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
My New Year's resolutions will likely be broken early and often in 2016. My consequences are mostly nonmonetary: a few more pounds, a little less savings, and not winning the triathlon in my age group.
Employers with more than 50 employees are usually aware that the Family Medical Leave Act (FMLA) may apply to their business and their workers. That law, which provides for protected leave for employees in certain situations and various amounts, can sound simple but is very complex in its details.
For the second time in less than a year, the U.S. Department of Justice (DOJ) has filed an antitrust complaint against hospital systems that agreed to not advertise on billboards or in print in each other's home county.
Arguing that the current state of the law weakens the patent system and poses a danger to life science innovators, biotechnology company, Sequenom, Inc., has filed a writ of certiorari with the U.S. Supreme Court, asking the Court to provide clarification regarding the limits of 35 U.S.C. § 101 as it relates to patent eligibility of diagnostic tests.