Access of Health Care Providers. Upon patient consent, only the health care provider shall have access to the patient's health information and authorized entities as defined in Article IV, Section 1.
Accessible Information for Health Care Providers shall be the following:
a.) History of past illness;
b.) Family history of illness;
c.) History of present illness;
d.) Clinical history, including immunization records, previous operations and treatment;
e.) Allergies;
f.) Medication history including adverse effects, if any;
g.) Results of laboratory and diagnostic procedures;
h.) Treatment outcome (Final diagnoses shall be included whether clinical or confirmed).
Approval of Access. The head of the medical record section or unit shall recommend the creation of user credentials for personnel that shall have access to the electronic medical records. The head of the facility shall approve the system access request.
Access of User/Patient. Consenting patients shall have the rights to access on how their health information is being used. The health facility shall ensure that disclosures and any subsequent changes are documented.
For Minors. Either parent or legal guardian shall have access to the child's health information. If the parents are separated, the one granted legal custody, or legal guardian if one has been appointed by court shall have the right to access.
For Incapacitated. In cases when the person requesting for information is incapacitated, a special power of attorney shall be allowed.
Access of Third Party. A third party is allowed access to health information that is provided in the contract or a required by law.
Third Party Use and Disclosure. A third party shall not disclose health information other than as provided by contract or as required by law. They shall also agree to use appropriate safeguards to prevent use and disclosure of the health information other than as provided by contract or as required by law.
A third party shall report to the health care provider any use or disclosure of health information not provided for by the agreement of which it becomes aware, including breaches of unsecured health information, and any security incident of which it becomes aware.
* Herold R., Beaver K. (2015). The Practical Guide to HIPAA Privacy and Security Compliance. 2nd edition. Boca Raton, FL: CRC Press.