HIPAA's Right of Access: Compliance Challenges, OCR Enforcement, and Best Practices
Recording of a 90-minute CLE video webinar with Q&A
This CLE course will guide healthcare counsel on HIPAA's right of access. The panel will discuss defining the designated record set and evaluate common scenarios in which liability may arise. The panel will also discuss the U.S. Department of Health and Human Services Office for Civil Rights (OCR's) right of access enforcement efforts. The panel will offer best practices for compliance.
Outline
- HIPAA basics and the right of access
- HIPAA Right of Access Initiative
- Common scenarios in which liability may arise
- Intersection with the interoperability rule
- Applicable state law
- Record retention
- Best practices
Benefits
The panel will review these and other relevant issues:
- What compliance challenges are covered entities facing today with respect to the HIPAA right to access?
- What steps should covered entities take to define designated record sets and otherwise ensure compliance with access requirements?
- Under its Right of Access Initiative, what actions has OCR taken to enforce the requirements?
Faculty

Jo-Ellyn Sakowitz Klein
Senior Counsel
Akin Gump Strauss Hauer & Feld
Ms. Klein is a leading practitioner on privacy and data protection matters. She has focused on privacy and data... | Read More
Ms. Klein is a leading practitioner on privacy and data protection matters. She has focused on privacy and data protection law for almost 20 years. Ms. Klein devotes a substantial portion of her practice to assisting clients with issues arising under state and federal privacy, security and data breach notification laws and regulations. These include the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), Section 5 of the Federal Trade Commission Act, and myriad state privacy, security and breach notification laws. She assists clients in navigating the intersection between federal privacy and data protection laws and state regimes such as the California Consumer Privacy Act (CCPA), California Confidentiality of Medical Information Act (CMIA), the New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) and the Nevada Privacy of Information Collected on the Internet from Consumers Act, as amended by Nevada Senate Bill 220 (NPICICA). Ms. Klein has examined privacy and data protection issues arising in settings ranging from hospitals to professional sports to the medical device industry to the telecommunications industry.
Close
Valerie Breslin Montague
Partner
Nixon Peabody
Ms. Montague represents a variety of health care providers, digital health companies, senior living facilities,... | Read More
Ms. Montague represents a variety of health care providers, digital health companies, senior living facilities, nonprofit trade associations, life sciences companies, and vendors of health care providers. She is a Certified Information Privacy Professional/United States (CIPP/US), the preeminent credential in the field of privacy. Ms. Montague assists health care providers and business associates of all types in complying with the requirements of HIPAA and the HITECH Act, from the development of policies and workforce training to analysis and notification of breaches to guidance through Office for Civil Rights investigations. She also advises vendors initiating arrangements with health care entities on whether their business triggers HIPAA. Beyond HIPAA, Ms. Montague counsels health care providers on compliance with other federal and state health information confidentiality requirements, as well as cybersecurity best practices.
Close