Patient Access to Medical Records: Who, What and When

Patient Access to Medical Records: Who, What and When

Following an enforcement initiative that has resulted in over 50 enforcement actions involving covered entities and business associates, the patient right of access under the HIPAA Privacy Rule is again in the spotlight.

In December 2025, the U.S. Department of Health and Human Services (HHS) announced an investigation into a complaint involving vaccination of a student without parental consent. In connection with that announcement, the Office for Civil Rights (OCR) issued a Dear Colleague letter reminding HIPAA-regulated entities of their obligation to provide timely access, including when a parent requests access to their minor child’s record (unless an exception applies). HRSA announced a new grant requirement related to parental consent that began appearing in January 2026.

This webinar is especially relevant considering these recent announcements. The presentation will help HIPAA covered entities, including community health centers, to understand when and how patients may request their medical records and review the options for responding to such requests. This presentation will also cover when personal representatives, such as parents and guardians, may request a minor child’s medical records.

This session will:

• Identify patient access rights under federal law, including the HIPAA Privacy Rule and the Information Blocking Rule
• Explain when a health care provider must provide access to a patient and when they have discretion to deny or limit access
• Clarify how state and federal laws affect whether parents have access to the records of minor patients