On January 7, 2016, the HHS Office for Civil Rights released guidance on individuals’ right to access health information under the HIPAA Privacy Rule. The guidance clarifies areas of confusion and non-compliance by covered entities and business associates, particularly in light of the proliferation of electronic health records and electronic health information. Areas of emphasis include: the provision of protected health information (PHI) in electronic form and format, use of mail and email, eliminating barriers to access including inappropriate fees, and distinctions between the requirements of the HIPAA Privacy Rule and the CMS Electronic Health Records Incentive program. Covered entities should review their HIPAA compliance practices in light of this guidance, particularly to ensure compliance with the 2013 HIPAA modifications. Click here for a more detailed analysis of key takeaways from our client alert.