Have you ever asked your healthcare provider to send you medical records by email?  Most likely, you’ve received the reply: “We can’t do that.  We can only fax them to you or provide you with a paper copy.”  This answer is wrong.

HIPAA’s right for individuals to access their health information, 45 CFR § 164.524, provides:

The covered entity must provide the individual with access to the protected health information in the form and format requested by the individual, if it is readily producible in such form and format; or, if not, in a readable hard copy form or such other form and format as agreed to by the covered entity and the individual.

Continue Reading

A study released last month in Jama Open Network entitled Assessment of US Hospital Compliance With Regulations for Patients’ Requests for Medical Records demonstrates that compliance with HIPAA’s right to access medical records remains woeful.  In the second half of 2017, researchers contacted 83 US hospitals and conducted a simulated patient experience to ask for medical records. Among the hospitals, the researchers found that “there was discordance between information provided on authorization forms and that obtained from the simulated patient telephone calls in terms of requestable information, formats of release, and costs.”  On forms, “only 53% provided patients the option to acquire the entire medical record.”  The study concluded that “Requesting medical records remains a complicated and burdensome process for patients despite policy efforts and regulation to make medical records more readily available to patients. Our results revealed inconsistencies in information provided by medical records authorization forms and by medical records departments in select US hospitals, as well as potentially unaffordable costs and processing times that were not compliant with federal regulations.”

I addressed this topic in a blog post about 2 years ago. At that time, I said:

HIPAA doesn’t handle patient access to medical records very well. There are many misunderstandings about patient access under HIPAA that make it quite difficult for patients to obtain their medical information quickly and conveniently. Getting records is currently like a scavenger hunt. Patients have to call and call again, wait seemingly forever to get records, and receive them via ancient means like mail and fax. I often scratch my head at why fax is still used today — it’s one step more advanced than carrier pigeon.  Many covered entities do not send records by email, and getting electronic copies can be quite difficult. Many healthcare providers still maintain paper records in handwriting, and healthcare lags far behind most other industries in the extent to which it has moved to digital records.

Sadly, as this study confirms, little has changed.

Continue Reading