June Issue of AIS Newsletter Finds Noncompliance With Patient Access Rules

In apparent defiance of government regulations, many HIPAA covered entities are not offering patients the option of receiving an electronic copy of their medical records, finds the June issue of Atlantic Information Services’ Report on Patient Privacy.

  • Share on TwitterShare on FacebookShare on Google+Share on LinkedInEmail a friendRepost This

Washington, DC (PRWEB) June 11, 2014

In apparent defiance of final Health Information Technology for Economic and Clinical Health Act (HITECH) regulations, many Health Insurance Portability and Accountability Act (HIPAA) covered entities (CEs) are not offering patients the option of receiving an electronic copy of their medical records, let alone in the “form and format” of their choosing, as has been required since January 2013, finds Atlantic Information Services, Inc.’s Report on Patient Privacy (RPP). For its June issue, RPP took a look at the websites of several prominent health systems and discovered that some are imposing fees for copies and applying limits on what they will provide that do not appear to be in line with regulations. Health systems with multiple hospitals have implemented the access requirements inconsistently across their medical centers, meaning some may be in compliance while others are not.

The process of getting one’s records has never been simple, and it may now be even more complicated than before. Most CEs require patients to go through a number of steps before protected health information is released. Some have different procedures for when the patients are requesting the record to be sent to themselves, versus when it is sent somewhere else, which is technically an authorization; some use a single form for both purposes. CEs typically post a form online for records access, which the patient downloads, prints out on paper, completes, signs and then either mails or faxes back to the CE. The form should give the patient options for how the records are going to be delivered, with one choice being some form of electronic version.

Chris Carpenter, director of operations for Diversified Medical Record Services, Inc. (DMRS), a business associate that processes records requests for hospitals and physicians offices nationwide, tells RPP that the reliance on paper requests and mailed records “is not how the industry is trending.” He adds, “I’d even go so far as to say that’s not how HHS [the U.S. Department of Health and Human Services] sees it working. The ideas are portability and access.”

“Most places don’t have electronic portals. They don’t email us securely,” says Deborah Peel, a psychiatrist and founder of the advocacy group Patient Privacy Rights, who reviewed some of the CEs’ policies for records access at RPP’s request. “They put all these obstacles in the way of us getting our own data. It’s just terrible, awful.” The expanded access requirements aren’t being met, she says, because of “gaps” in the regulation and ignorance on the part of CEs. “People believe what they are doing is actually legal,” Peel says. “The implementation has completely failed patients.”

A spokeswoman with the HHS Office for Civil Rights tells RPP “we can and we have” brought enforcement actions against CEs who violate the access requirements.

Visit http://aishealth.com/archive/hipaa0614-01 to read the article in its entirety.

About Report on Patient Privacy
Report on Patient Privacy is the health industry’s #1 source of timely news and business strategies for safeguarding patient privacy and data security. Published for hospitals and other providers, health plans and other HIPAA-covered entities and business associates, the 12-page newsletter focuses on privacy issues that can result in huge fines, penalties and public relations nightmares, including: security breach notification; business associate relations and agreements; and new federal privacy rules for marketing, fundraising, privacy notices, minimum necessary, patient rights and safeguarding privacy in EHRs. Visit http://aishealth.com/marketplace/report-patient-privacy for more information.

About Atlantic Information Services
Atlantic Information Services, Inc. (AIS) is a publishing and information company that has been serving the health care industry for more than 25 years. It develops highly targeted news, data and strategic information for managers in hospitals, health plans, medical group practices, pharmaceutical companies and other health care organizations. AIS products include print and electronic newsletters, websites, looseleafs, books, strategic reports, databases, webinars and conferences. Learn more at http://AISHealth.com.


Contact