Data masking or controlled access provides a means for patients to control disclosure of select information within the
Can patients request that access to sensitive data be controlled? Can patients request that only certain people can access their PHI? Can they request an audit of how their data has been shared by a covered entity? If so, do (or should) Notices of Privacy Practices specify these privacy rights?