Patient Data Access News

AHIMA Reviews the Basics of HIPAA Compliant Patient Data Access

A recent AHIMA report reviews the basics of patient data access under current HIPAA regulations and emphasizes its importance on patient engagement.


Source: Thinkstock

By Sara Heath

- The American Health Information Management Association (AHIMA) has posted a slideshow and report guiding patients through the proper process of  obtaining their medical records from their providers and navigating HIPAA privacy regulations.

Per HIPAA, patients may ask to view and obtain a copy of their health records, receive records in paper or electronic copies, and have records sent to another entity for treatment, billing, or operations purposes, explained Mary Butler, the author of the slideshow and associate editor of the Journal of AHIMA.

Patients can request medical record access at their practice’s health information management (HIM) department. They should come prepared with their photo ID and will be asked to sign a waiver verifying their identity.

Medical practices have 30 days to produce the patient’s medical records. Practices may also request a one-time 30-day extension if they can explain the cause of the delay.

Patients may only receive health data that is included in a “designated record set,” which HIPAA defines as “medical records; billing and payment records; insurance information; clinical laboratory test results (including genomic information generated by a clinical laboratory); wellness and disease management program files; and clinical case notes,” Butler explained.

The slideshow also reviews personal representatives, or third-party entities who patients may give permission to access their medical records on their behalf. Personal representatives may access a patient’s health records if they can prove their authorization.

Patients may face fees to obtain copies of their medical records, but according to Butler, these cannot be per-page fees and providers must offer cost estimates before charging the patient. Additionally, patients cannot be charged to view their data via the patient portal. Providers who have an EHR must provide patient portal access, Butler said.

Ensuring patient access to health data is important, especially for providers trying to improve patient engagement. Patient data access has been proven to increase patient engagement, empowering patients to make more informed healthcare decisions and manage their wellness between doctor’s appointments.

Additionally, patient data access has been linked with better care coordination and patient safety, Butler said.

“It is beneficial for patients or caregivers dealing with multiple doctors and facilities to have all medical records in one place, which can then be used by providers to ensure thorough care,” Butler explained in a report accompanying her slideshow.

“Reviewing your record is an important way to ensure your provider has complete, correct, and up-to-date information, such as your known allergies. If you find information in your record that is incorrect or that you disagree with, contact the provider’s HIM department,” she continued.

In the current healthcare climate, it is important for providers and patients alike to continuously review the proper process by which patients can access their health records. Current regulatory processes, such as meaningful use and the Merit-Based Incentive Payment System (MIPS), both require providers to offer health data access to their patients, and calls for better patient engagement also highlight patient data access.

However, some research shows that health data access can be cumbersome for patients. In many cases, the rate at which patients can access their health records doesn’t always meet patient expectations. In a survey administered by Humana subsidiary Transcend Insights, 97 percent of patient respondents said it was important for patients and providers to both be able to access health data.

However, the survey administrators showed that provider-to-provider health information exchange is often lacking, as is patient data access.

Additionally, patients often face exorbitant data access fees. Although HIPAA rules prohibit large copying fees, a recent viewpoint in the Journal of the American Medical Association claimed that patients can face data copying fees as high as $111 for a 100-page record.

Healthcare professionals, including the authors of the JAMA viewpoint, say that these barriers are largely due to confusion surrounding patient data access laws. Providers and patients alike are not always clear on the HIPAA and other regulations surrounding patient data access, and therefore may inadvertently have unnecessary barriers in place.

In order to mitigate unclear and unintended data access barriers, healthcare professionals should continue to review current regulations surrounding patient data access. By understanding these laws, healthcare providers can ensure patients have easy and secure access to their health information, helping to support patient engagement efforts.


Sign up for our free newsletter:

Our privacy policy

no, thanks

Continue to site...