NRPM: Standards for Privacy of Individually Identifiable Health Information. b. Grounds for denial of access for inspection and copying.


Proposed § 164.514 would permit denial of inspection and copying under very limited circumstances. The categories of denials would not be mandatory; the entity could always elect to provide all of the requested health information to the individual. For each request by an individual, the entity could provide all of the information requested or it could evaluate the requested information, consider the circumstances surrounding the individual’s request, and make a determination as to whether that request should be granted or denied. We intend to create narrow exceptions to the stated rule of open access and we would expect covered plans and providers to employ these exceptions rarely, if at all.

In proposing these categories of permissible denials, we are not intending to create a legal duty for the entity to review all of the health information before releasing it. Rather, we are proposing them as a means of preserving the flexibility and judgment of covered plans or providers under appropriate circumstances.

Entities subject to the Privacy Act would not be able to deny a request for inspection and copying under all of the circumstances permitted by this proposed rule. They would continue to be governed by the denials permitted by the Privacy Act and applicable regulations. See section II.I.4.a for further discussion.