Here are resources to help clarify the rights of patients under HIPAA Rules:
Model Patient Privacy Notice, produced by the federal government, and containing a listing of your rights.
Explanation of how your doctor may calculate fees charged for copies of your health records.
In its Guide to Privacy and Security of Electronic Health Information, the feds tell health care providers they “must accommodate reasonable requests” from patients.
This Fact Sheet, titled Medical Privacy of Protected Health Information, offers a good overview of patient rights.
To learn more about incidental disclosures that are permissible under HIPAA, click here.
Some additional things to be aware of:
Page 5634 of the Privacy Rule states that: “Covered entities are permitted to send an individual unencrypted emails if they have advised the individual of the risk, and the individual still prefers the unencrypted email.”
The important thing is the patients/guardians are advised of risks, and that they consent based on personal preference.
Also, be aware of this provision on Page 5634 of the Privacy Rule:
“Covered entities are not responsible for unauthorized access of protected health information while in transmission to the individual based on the individual’s request. Further, covered entities are not responsible for safeguarding information once delivered to the individual.”