Skip to main content

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule generally requires HIPAA covered entities—health plans and most healthcare providers—to provide individuals, upon request, with access to protected health information (PHI) about them in one or more “designated record sets” maintained by or for the covered entity.[1] This includes the right to inspect and/or obtain a copy and the right to direct the covered entity to transmit a copy to a designated person or entity of the individual’s choice. This right applies as long as the covered entity, or its business associate, maintains the information, regardless of the date the information was created, and whether the information is maintained in paper or electronic systems on-site, remotely, or is archived.


Bowen is an established author and speaker on healthcare privacy and security. She is an active member of the American Health Information Management Association (AHIMA), having served as its President and Board Chair, as a member of the Board of Directors and of the Council on Certification, and currently sits on the AHIMA Foundation Board of Directors. In her role at MRO, Bowen works with clients to ensure HIM policies and procedures are to code. Additionally, Bowen serves as the company’s Privacy and Compliance Officer (CPO).

More Posts