{"id":111,"date":"2020-02-24T04:55:19","date_gmt":"2020-02-24T09:55:19","guid":{"rendered":"http:\/\/apexcompliance.net\/blog\/target\/federal-court-strikes-down-hipaa-fee-limitations-for-third-party-medical-records-requests\/"},"modified":"2020-02-27T03:01:56","modified_gmt":"2020-02-27T08:01:56","slug":"federal-court-strikes-down-hipaa-fee-limitations-for-third-party-medical-records-requests","status":"publish","type":"post","link":"https:\/\/apexcompliance.net\/blog\/2020\/02\/24\/federal-court-strikes-down-hipaa-fee-limitations-for-third-party-medical-records-requests\/","title":{"rendered":"Federal Court Strikes Down HIPAA Fee Limitations for Third-Party Medical Records Requests"},"content":{"rendered":"

On Jan. 29, 2020, OCR released a notice regarding a recent federal court ruling in the case of Ciox Health, LLC v. Azar, et al., <\/em>where a federal judge in the District Court for the District of Columbia vacated the \u201cthird-party directive\u201d within the individual right of access \u201cinsofar as it expands the HITECH Act\u2019s third-party directive beyond requests for a copy of an electronic health record with respect to protected health information (\u201cPHI\u201d) of an individual \u2026 in an electronic format.\u201d1 <\/sup>Additionally, the court held that the fee limitation set forth at 45 CFR \u00a7 164.524(c)(4) should only apply to an individual\u2019s request for access to their own records, and does not apply to an individual\u2019s request to transmit records to a third party.<\/p>\n

The Ciox Health<\/em> case centered on the restrictions the Department of Health and Human Services (\u201cHHS\u201d) and the Office for Civil Rights (\u201cOCR\u201d) put in place in the 2013 Omnibus Rule 2 <\/sup>and through informal guidance published in 2016 regarding fees that can be charged to patients for searching for, retrieving, and delivering their records and PHI as it pertains to third-party directives. Third-party directives are a mechanism promulgated by the HITECH Act that granted individuals the right to obtain a copy of their PHI maintained electronically, and \u201cif the individual so chooses, to direct the covered entity to transmit such copy directly to an entity or person designated by the individual.\u201d3<\/sup> Additionally, the HIPAA Privacy Rule permits a reasonable cost-based fee to provide the individual (or the individual\u2019s personal representative) with a copy of the individual\u2019s PHI, or to direct a copy to a designated third party. The fee may include only the cost of certain labor, supplies, and postage (this fee is also referred to as the \u201cPatient Rate\u201d).4<\/sup><\/p>\n

[…]<\/p>\n

[1] Ciox Health, LLC v. Azar, et al., No. 18-cv-0040 (D.D.C. January 23, 2020)<\/p>\n

[2] See Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the [HITECH] Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules, 78 Fed. Reg. 5,566 (Jan. 25, 2013).<\/p>\n

[3] 42 U.S.C. \u00a7 17935(e);<\/p>\n

[4] 45 CFR \u00a7 164.524(c)(4)<\/p>\n

[…]<\/strong><\/p>\n

This is an excerpt from a previously published article.<\/strong><\/em><\/p>\n

Click here to view full original article at www.natlawreview.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

On Jan. 29, 2020, OCR released a notice regarding a recent federal court ruling in the case of Ciox Health, LLC v. Azar, et al., <\/em>where a federal judge in the District Court for the District of Columbia vacated the \u201cthird-party directive\u201d within the individual right of access \u201cinsofar as it expands the HITECH Act\u2019s third-party directive beyond requests for a copy of an electronic health record with respect to protected health information (\u201cPHI\u201d) of an individual \u2026 in an electronic format.\u201d… Read More <\/a><\/p>","protected":false},"author":1,"featured_media":386,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36,18],"tags":[39,20],"_links":{"self":[{"href":"https:\/\/apexcompliance.net\/wp-json\/wp\/v2\/posts\/111"}],"collection":[{"href":"https:\/\/apexcompliance.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/apexcompliance.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/apexcompliance.net\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/apexcompliance.net\/wp-json\/wp\/v2\/comments?post=111"}],"version-history":[{"count":0,"href":"https:\/\/apexcompliance.net\/wp-json\/wp\/v2\/posts\/111\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/apexcompliance.net\/wp-json\/wp\/v2\/media\/386"}],"wp:attachment":[{"href":"https:\/\/apexcompliance.net\/wp-json\/wp\/v2\/media?parent=111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/apexcompliance.net\/wp-json\/wp\/v2\/categories?post=111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/apexcompliance.net\/wp-json\/wp\/v2\/tags?post=111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}