or (ii) of this section, as applicable, the covered entity may extend the time for
such actions by no more than 30 days, provided that:
(A) The covered entity, within the time limit set by paragraph (b)(2)(i) or (ii) of
this section, as applicable, provides the individual with a written statement of the
reasons for the delay and the date by which the covered entity will complete its
action on the request; and
(B) The covered entity may have only one such extension of time for action on a
request for access.
Implementation specifications: provision of access. If the covered entity
provides an individual with access, in whole or in part, to protected health
information, the covered entity must comply with the following requirements.
Providing the access requested. The covered entity must provide the
access requested by individuals, including inspection or obtaining a copy, or
both, of the protected health information about them in designated record sets. If
the same protected health information that is the subject of a request for access is
maintained in more than one designated record set or at more than one location,
the covered entity need only produce the protected health information once in
response to a request for access.
Form of access requested.
(i) The covered entity must provide the individual with access to the protected
health information in the form or format requested by the individual, if it is
readily producible in such form or format; or, if not, in a readable hard copy
form or such other form or format as agreed to by the covered entity and the
(ii) The covered entity may provide the individual with a summary of the
protected health information requested, in lieu of providing access to the
protected health information or may provide an explanation of the protected
health information to which access has been provided, if:
(A) The individual agrees in advance to such a summary or explanation; and
(B) The individual agrees in advance to the fees imposed, if any, by the covered
entity for such summary or explanation.
Time and manner of access. The covered entity must provide the access as
requested by the individual in a timely manner as required by paragraph (b)(2) of
this section, including arranging with the individual for a convenient time and
place to inspect or obtain a copy of the protected health information, or mailing
the copy of the protected health information at the individual's request. The
covered entity may discuss the scope, format, and other aspects of the request for
access with the individual as necessary to facilitate the timely provision of access.
(4) Fees. If the individual requests a copy of the protected health information
or agrees to a summary or explanation of such information, the covered entity
may impose a reasonable, cost-based fee, provided that the fee includes only the
(i) Copying, including the cost of supplies for and labor of copying, the protected
health information requested by the individual;
(ii) Postage, when the individual has requested the copy, or the summary or
explanation, be mailed; and