The page below is a sample from the LabCE course HIPAA Privacy and Security Rules for All Healthcare Personnel. Access the complete course and earn ASCLS P.A.C.E.-approved continuing education credits by subscribing online.

Learn more about HIPAA Privacy and Security Rules for All Healthcare Personnel (online CE course) »
How to Subscribe

Individual's Rights Under HIPAA

HIPAA provides for the following patient rights:
  • Right of Notice
    • Individuals have the right to know why PHI is being collected, and to whom it may be disclosed.
  • Right of Access
    • Individuals may access their own PHI upon request.
    • Individuals may obtain an electronic copy of their PHI, if the PHI is maintained electronically. If the electronic PHI is not readily producible in the requested format, the covered entity must provide a copy of the PHI in another readable electronic form, such as a PDF, rather than a hard copy. Covered entities must respond to all requests within 30 days, unless the covered entity is granted a one-time 30 day extension.
  • Right to Accounting of Disclosures
    • Individuals have a right to know to whom PHI was disclosed.
  • Right to Amend
    • Individuals may request a change to their PHI.
  • Right to Request Restrictions
    • Individuals may request that PHI be withheld from specific parties.
    • Individuals have the right to restrict disclosures to a health plan concerning treatment when the individual has paid for the treatment entirely out-of-pocket.
  • Individuals may have additional rights under state law.