§164.524(a) Standard: Access to protected health information. (3) Reviewable grounds for denial. A covered entity may deny an individual access, provided that the individual is given a right to have such denials reviewed, as required by paragraph (a)(4) of this section, in the following circumstances:
(i) A licensed health care professional has determined, in the exercise of professional judgment, that the access requested is reasonably likely to endanger the life or physical safety of the individual or another person;
(ii) The protected health information makes reference to another person (unless such other person is a health care provider) and a licensed health care professional has determined, in the exercise of professional judgment, that the access requested is reasonably likely to cause substantial harm to such other person; or
(iii) The request for access is made by the individual’s personal representative and a licensed health care professional has determined, in the exercise of professional judgment, that the provision of access to such personal representative is reasonably likely to cause substantial harm to the individual or another person.
Audit Inquiry
Are policies and procedures in place regarding review of denials of access? Inquire of management.
Obtain and review policies and procedures to determine if the adopted process for the review of the denial of access complies with the mandated criteria.
Review documentation obtained for item 66 for consistency with these requirements