NRPM: Standards for Privacy of Individually Identifiable Health Information. a. Right of access for inspection or copying. (§ 164.514(a))


In § 164.514, we are proposing that, with very limited exceptions, individuals have a right to inspect and copy protected health information about them maintained by a covered health plan or health care provider in a designated record set. Individuals would also have a right of access to protected health information in a designated record set that is maintained by a business partner of a covered plan or provider when such information is not a duplicate of the information held by the plan or provider, including when the business partner is the only holder of the information or when the business partner has materially altered the protected health information that has been provided to it.

This right of access means that an individual would be able to either inspect or obtain copies of his or her health information maintained in a designated record set by covered plans and providers and, in limited circumstances, by their business partners. Inspection and copying is a fundamental aspect of protecting privacy; this right empowers individuals by helping them to understand the nature of the health information about them that is held by their providers and plans and to correct errors. In order to facilitate an open and cooperative relationship with providers and allow the individual a fair opportunity to know what information is held by an entity, inspection and copying should be permitted in almost every case

While the right to have access to one’s information may appear somewhat different from the right to keep information private, these two policy goals have always been closely tied. For example, individuals are given an almost absolute right of access to information in federal health record systems under the Privacy Act of 1974 (5 U.S.C. 552a(d)). The Privacy Protection Study Commission recommended that this right be available. (Personal Privacy in an Information Society 299 (1977)). The right of access was a key component of the President’s Advisory Commission on Consumer Protection and Quality in the Health Care Industry recommendations in the Consumer Bill of Rights and Responsibilities. The Commission’s report stated that consumers should “have the right to review and copy their own medical records and request amendments to their records.” (Consumer Bill of Rights and Responsibilities, Chapter Six: Confidentiality of Health Information, November 1997). Most recently, the Health Privacy Project issued a statement of “Best Principles for Health Privacy” that included the same recommendation. Health Privacy Project, Institute for Health Policy Solutions, Georgetown University (June 1999) (

Open access to health information can benefit both the individuals and the covered entities. It allows individuals to better understand their own diagnosis and treatment, and to become more active participants in their health care. It can increase communication, thereby enhancing individuals’ trust in their health care providers and increasing compliance with the providers’ instructions. If individuals have access to and understand their health information, changing providers may not disrupt health care or create risks based on lack of information (e.g., drug allergies or unnecessary duplication of tests).