By Julia Vann
Under the HIPAA Privacy Rule, medical records can be requested from their doctors by patients. They should receive it within 30 days of request, and for no more expensive than $6.50. They should be able to receive it in whichever form is most convenient for them. The issue is that many hospitals do not follow these rules.
According to HIPAA Journal, “HIPAA requires patients to be provided with copies of their medical records in the format of their choice, yet many hospitals were failing to comply with this requirement and there were discrepancies between information provided over the phone and what was detailed on release forms.
For example, over the telephone, 83% of hospitals said copies of medical records could be picked up in person, yet only 48% stated this on the release forms. 66% said electronic medical records could be provided on a CD over the telephone, but this was only an option on 25% of forms.”
While these hospitals still do provide any option for patients to receive their medical records, it is not obvious to the patient. As a result of that, patients are more likely to choose a certain option simply because they aren’t aware other options even exist. It’s uncertain whether this is an active action from hospitals, but either way, it still causes issues.
The goal of hospitals should be to make life as easy for patients as possible. It is not uncommon for hospitals to charge more than the set $6.50. There was even a case where a hospital charge over $500 for a medical record copy. Additionally, hospitals frequently take longer than 30 day to give patients a copy of their medical records. Some hospitals just never end up giving them at all, even after request.
All of these actions break HIPAA regulations and the hospitals deserve proper punishment. Unfortunately, this is such a widespread issue, that it makes it difficult to enforce.
According to HIPAA Journal, co-author of the study, Harlan Krumholz, MD, said, “If we really want to move to a healthcare system where patients are at the center, then we need to find ways to ensure that they have agency over their own data. We’re far from that right now.”
Indeed, we are far from that right now. We can only hope we’ll come closer to reaching that goal in the future.
To learn more about HIPAA Compliance, visit the American Medical Compliance website.