More than half of US healthcare providers are out of compliance with HIPAA’s right of access provision, and patient access to their complete clinical records via electronic health records (EHRs) is still years away. Those are two of the more alarming conclusions of research published by health IT startup Citizen.
Citizen researchers, led by Deven McGraw, the former deputy director for health information privacy at the US Department of Health and Human Services Office for Civil Rights, submitted HIPAA medical requests for records to 51 healthcare providers on behalf of 30 cancer patient beta users of the Citizen platform—an average of 2.3 medical requests per patient. They then scored the experiences in comparison to both what is required by the HIPAA right of access, and whether any providers went above and beyond to get patients their records more promptly, according to the white paper.
Citizen also published a public scorecard of all the providers they sent their record requests to, rating each provider’s apparent compliance with HIPAA.
Citizen found that “over 50 percent of these providers were either not compliant with the HIPAA right of access or needed multiple phone calls to supervisors or privacy officials to get compliant.” McGraw and her team encountered so many roadblocks to retrieving patient records that they published multiple blog posts about the most frustrating hurdles, such as:
- Not receiving requested information within 30 days
- Not receiving records in the format requested
- Providers’ refusal to send images to a patient or a patient’s designee
- Refusal to accept requests by email
- Providers imposing fees that were not compliant with official HIPAA guidance
“We know from the questions we receive from the public that requesting and obtaining one’s health information is among the most frustrating experiences for patients and their families during their encounters within a healthcare setting,” said AHIMA’s Chief Knowledge Officer Cheryl D. Martin, MA, RHIA. “AHIMA has long advocated that patients have the right to receive information in the format of their choosing. As health information professionals, we have the responsibility to provide patients with easy access to their records. These results show that there is still more work to be done to remove barriers to patient access and ensure compliance with federal regulations.”
As for Citizen investigators themselves, they write that healthcare providers need to redouble their focus on attention and focus on HIPAA’s right to access provisions, including by giving staff more training on HIPAA.
“Greater enforcement of the law will help motivate providers to prioritize this issue,” they write.
Syndicated from https://journal.ahima.org/2019/08/29/half-of-providers-not-compliant-with-right-to-access/