i so. BEPARTMENT OF HEALTH d: HUMAN SERVICES OFFICE OF THE SECRETARY {215) 361-4441 Of?ce for Civil Rights, Region TDD - (215) 861?4440 15D 5. Independence Hall West FAX - (215) 861-4431 Public Ledger Building, Suite 3?2 Philadelphia, PA 19106-3499 Reference: 14-17244? Investigator: Jamie Rahn Bailey ContactTelephone: 215-861-4432 January 17, 2014 Dear {bli?liblilli?l Thank you for your complaint, which was received by the U.S. Department of Health and Human Services, Of?ce for Civil Rights (OCR), on December 13, 2013. In your complaint, you allege a violation of the Federal Standards for Privacy of Individually Identi?able Health Information andfor the Security Standards for the Protection of Electronic Protected Health Information (45 C.F.R, Pans 160 and 164, Subparts A, C, and of the Privacy and Security Rules). Speci?cally, you allege that the US. Coast Guard Clinic (USCGC) in Baltimore, Maryland refuses to provide you with your client?s medical records due-Spite having received your written request for these records. OCR enforces the Privacy and Security Rules, and also enforces Federal civil rights laws which prohibit discrimination in the delivery of health and human services because of race, color, national origin, disability, age, and under certain circumstances, sex and religion, OCR will not be able to accept your complaint for investigation. Your allegation, even if fully substantiated, would not violate the Privacy Ride. The Privacy Rule, at 45 CPR. gives an individual the right of access to inspect and to obtain a copy of hisfher protected health information (PI-II), with limited exceptions, for as long as that information is maintained by the covered entity in its designated record set. Pursuant to 45 C.F.R. ?164.502(g) of the Privacy Rule, covered entities are required to treat an individual?s personal representative as the individual with respect to uses and disclosures of PHI. As such, covered entities must provide an individual?s personal representative with access to the individual?s PHI in accordance with 45 CPR. ?164524 to the extent such information is relevant to such representation. For adults or emancipated minors, a personal representative as defined by the Privacy Rule is a person who has the authority to make decisions related to health care for the adult or emancipated minor. Thus, the Privacy Rule does not require that covered entities send medical information to other third parties, such as an individual?s attorney, who are not acting in the capacity of a personal representative as de?ned by the Privacy Rule. Therefore. OCR is closing this complaint. Our determination does not preclude your client from ?ling a complaint with OCR against USCGC for failure to provide the relevant medical records directly to your client, if that should be the case. determination as stated in this letter applies only to the allegations in this complaint that were reviewed by OCR. Under the Freedom of Information Act, we may be required to release this letter and other information about this case upon request of the public. In the event OCR receives such a request, we will make every effort, as permitted by law, to protect information that identi?es individuals or that, if released, could constitute a clearly unwarranted invasion of personal privacy. For your informational purposes, OCR has enclosed material regarding the Privacy Rule provisions related to Access to Medical Records. For additional information regarding Personal Representatives under the Privacy Rule, please review the information provided on our website at the following link: ovfocrr' rivac fhi aafunderstandin coveredentitiesf ersonalr We regret that we are unable to assist you any further with this matter. Sincerely, Barbara J. Holland Regional Manager Enclosure: Individual?s Right to Access Medical Records