Skip to main content

Covered entities (CEs) that have flirted with the 30-day mark for response time with patient requests for access to or copies of their protected health information (PHI) should take notice: they may need to get better. Two times better, that is.

The Department of Health and Human Services (HHS) in its Notice of Proposed Rulemaking (NPRM) released December 10, 2020 calls for shortening CEs’ required response time to no later than 15 calendar days (from the current 30 days) with the opportunity for an extension of no more than 15 calendar days (from the current 30-day extension).


Bowen is an established author and speaker on healthcare privacy and security. She is an active member of the American Health Information Management Association (AHIMA), having served as its President and Board Chair, as a member of the Board of Directors and of the Council on Certification, and currently sits on the AHIMA Foundation Board of Directors. In her role at MRO, Bowen works with clients to ensure HIM policies and procedures are to code. Additionally, Bowen serves as the company’s Privacy and Compliance Officer (CPO).

More Posts