If you are reading this, you are probably aware that patients have the right, under the HIPAA Privacy rule, to obtain a paper copy of their Medical Record/Protected Health Information (PHI). You may not be aware, though, that healthcare providers must also produce an electronic copy of a patient’s PHI on demand. According to HHS and the Office of Civil Rights, “… individuals also have a right under the Privacy Rule to obtain a copy of their PHI in a designated record set, such as a medical or billing record, maintained by the covered entity. A covered entity generally must provide the individual with access to the information to which the individual is entitled within 30 days of the request.
In addition, the covered entity must provide the individual with access to the PHI in the form or format requested by the individual, if it is readily producible in such form or format.
See 45 C.F.R. § 164.524. Thus, covered entities are required to provide the individual with a copy of the PHI in the electronic form requested by the individual if such form is readily producible by the covered entity.”
The regulation goes on to mention Personal Health Record (PHR) apps:
“... a covered entity may provide the PHI directly to the individual for the individual to enter into the PHR or, if the functionality exists, and where the individual has granted the covered entity authority to upload information directly to the PHR, the covered entity can comply with the access request by entering the information directly into the PHR rather than giving the individual a separate paper or electronic copy.”