Hospitals are roadblocks to patient EHR data requests, despite HIPAA
What if the challenge to overcome with data sharing was the policies common among hospitals? A new study published in JAMA Network Open found just that: Patients are facing many hurdles when they request to receive their records from hospitals.
Conducted by Yale University School of Medicine, the study evaluated medical records processing at 83 top-ranked U.S. hospitals in 29 states and researchers found serious 'discrepancies' in the information given to patients during medical release processes.
What's more concerning is that there is serious noncompliance with federal regulations at some of these organizations. HIPAA not only allows patient access to their records in a timely manner: it guarantees it. Not only that but access must be in the patient's preferred format, with a reasonable processing fee.
Despite those laws, only 53 percent of the surveyed hospitals provide an option for patients to obtain their medical records. There were also inconsistencies in the data provided over the phone from a hospital, and the request forms with the types of formats patients could use for the release of their records.
Even worse: More than half of the hospitals charged patients well-above the federal recommendation of $6.50 to release an electronic record to the patient. One hospital even charged a whopping $541 for a 200-page medical record. And 43 percent didn't disclose their fees on authorization forms.
The researchers also discovered that two out of the three hospitals that could not be reached didn't provide an option to speak with a department representative nor a voicemail alternative. This "impedes patients from gathering information that they may need to understand the medical records request process."
And for those hospitals with those options, the automated voice response systems were hard to navigate and complicated before the researchers were able to reach a department representative.
WHY IT MATTERS
The report echoes sentiments that former ONC Privacy Chief and Omada Health Chief Privacy and Regulatory Officer Lucia Savage recently shared with Healthcare IT News. Data sharing has long been problematic for the industry, and her team made sure the industry was aware this was not a HIPAA issue.
To Savage, it's the policies that are hindering data sharing: "We have these highfalutin rules. But what's happening at the registration desk? What's happening in the billing office? What's happening in the office that actually handles the manila folder, or actual X-ray films? Are we, as people who are leaders in our institutions, walking the walk or talking the talk?"
Overall, the researchers shared these sentiments, stating that requesting both paper and electronic patient records is overly complicated – despite the clear mandates for patient access in state and federal regulations.
ON THE RECORD
"Although some hospitals were unwilling to release both paper and electronic records to patients, there are legal requirements under HIPAA to do so," the report authors wrote. "The lack of a uniform procedure for requesting medical records across U.S. hospitals highlights a systemic problem in complying with the right of access under HIPAA."
"Because every institution creates its own process and implements its own regulations, variability in what and how records can be received occurs," they added.
While the 21st Century Cures Act and other government initiatives are working to improve the process, attention to "the most obvious barriers should be paramount."