Abstract
Background Historically, patients have had difficulty obtaining copies of their medical records, notwithstanding the legal right to do so. In 2018, a study of 83 top hospitals found discrepancies between those hospitals’ published information and telephone survey responses regarding their processes for release of records to patients, indicating noncompliance with the HIPAA right of individual access.
Objective Assess state of compliance with the HIPAA right of access across a broader range of health care providers and in the context of real records requests from patients.
Methods Evaluate the degree of compliance with the HIPAA right of access 1) by scoring the responses of 51 health care providers to actual patient record requests against the HIPAA right of access requirements and 2) through additional telephone surveys of health care institutions regarding release of records to patients.
Results Based on the scores of responses of 51 health care providers to record requests and the responses of 3003 healthcare institutions to telephone surveys, more than 50% of health care providers are out of compliance with the HIPAA right of access. The most common failures were refusal to send records to patient or patient’s designee by e-mail; health care institutions’ responses to telephone survey also indicate 24% are potentially noncompliant with HIPAA’s fee limitations. With respect to actual patient record requests, for 71% of providers the records were provided in compliance with HIPAA only after supervisors and privacy officials were educated on HIPAA’s requirements.
Conclusions Recent federal proposals prioritize patient access to medical records through certified electronic health record (EHR) technology, but access by patients to their complete clinical records via EHRs is years away. In the meantime, health care providers need to focus more attention on compliance with the HIPAA right of access, including better training of staff on HIPAA requirements. Greater enforcement of the law will help motivate providers to prioritize this issue.
Competing Interest Statement
All authors receive compensation (either salaries or payments to independent contractors) from Ciitizen Corporation, which is a platform to enable patients (beginning with cancer patients) to collect, organize and share their medical records. There are no other competing interests to declare.
Clinical Trial
study is not a clinical trial - it is a study of compliance with law, so it is not human subjects research.
Funding Statement
As noted above, all three authors are either employed by, or are independent contractors to, Ciitizen Corporation, which provided the sole funding support for this research. No external funding was received.
Author Declarations
All relevant ethical guidelines have been followed and any necessary IRB and/or ethics committee approvals have been obtained.
Yes
All necessary patient/participant consent has been obtained and the appropriate institutional forms have been archived.
Yes
Any clinical trials involved have been registered with an ICMJE-approved registry such as ClinicalTrials.gov and the trial ID is included in the manuscript.
Not Applicable
I have followed all appropriate research reporting guidelines and uploaded the relevant Equator, ICMJE or other checklist(s) as supplementary files, if applicable.
Not Applicable
Data Availability
The url with supplemental data referred to in the manuscript will be available August 14, 2019.
Data Availability
The url with supplemental data referred to in the manuscript will be available August 14, 2019.
