Industry News

HHS Publishes Final Rule Allowing Patients Direct Access to Laboratory Test Reports.

Lisa Shuman | February 2014

On February 6, the Centers for Medicare & Medicaid Services (CMS) published a final rule that amends the Clinical Laboratory Improvement Amendments of 1988 (CLIA) regulations.  The final rule also eliminates the exception under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, which limits the individual’s right to access his or her protected health information when state law prohibited a CLIA-certified or CLIA-exempt laboratory to provide access.  Specifically, the final rule will allow a patient or a person designated by the patient to have direct access to the patient’s completed laboratory test reports.  The state laws that limit individuals’ access to completed test reports are now preempted by the final rule.  The new regulations will continue to allow patients access to their laboratory test reports from their doctors, and provide a new option to obtain test reports directly from the laboratory, while protecting the patients’ privacy.

Further, the final rule requires laboratories to provide patients with their completed test reports within 30 days of a request, but does not required the laboratory to explain the results to the patients.  HIPAA covered laboratories will have 180 days from the effective date of the final rule to comply with the regulations.

The final rule takes effect on April 7, 2014.

The final rule is available at:

The Department of Health and Human Services news release is available at:

The CMS fact sheet is available at:

CLIA Program and HIPAA Privacy Rule; Patients’ Access to Test Reports; Final Rule, 79 Fed Reg. 25, 7290 (Feb. 6, 2014).

Department of Health and Human Services.  “HHS Strengthens Patients’ Right to Access Lab Test Reports.”  News Release.  3 Feb. 2014. 

Centers for Medicare & Medicaid Services.  “HHS Finalizes Patients’ Rights to Access Report of Clinical Laboratory Test Results.”  Fact Sheet.  3 Feb. 2014. 

About the Author

Ms. Shuman assists health care organizations to develop, implement and evaluate their compliance programs and HIPAA privacy programs. Ms. Shuman specializes in our firm’s HIPAA Privacy services, including leading privacy investigations, breach risk assessments, breach notification letters, breach reporting to the Office for Civil Rights and corrective actions plans. She specializes in serving as Interim Privacy Officer for large health care systems, managed care organizations, comprehensive cancer center and health care business associate.