I was in a recent discussion with one of the leading providers of release of information services, HealthPort about EHR’s impact on the release of health records. In our discussion, I asked why the release of health records can’t be completely automated through a patient portal. In my mind, meaningful use is requiring that healthcare organizations put a patient’s record up on a patient portal, so shouldn’t that mean that the release and disclosure of patient records would become obsolete?
Of course, I was applying a limited view to what’s required when a disclosure happens and who is making the records request. In most cases, it’s not the patient requesting the record and these third parties don’t have access to the patient’s portal. Plus, the release and disclosure of patient records often requires accessing multiple systems along with assessing which information is appropriately included in the disclosure. The former is a challenge that can be solved, but the later is a complex beast that’s full of nuance.
In order to clarify some of these challenges and explain why a patient portal won’t replace all records requests, here’s a short interview with Jan McDavid, Esq., General Counsel at HealthPort.
Q: What are HIPAA requirements around “charging” for copies of records, and what are considered “reasonable” costs?
A: HIPAA is very clear that its pricing applies only to copies provided to “individuals,, which HIPAA defines as the person who receives treatment—the patient. HIPAA guidance pertains only to patient requests for medical records, approximately seven percent of all requests received by healthcare providers.
The majority of records are requested by physicians for continuing care, governments for entitlement benefits, insurers, and inquiries from attorneys, according to internal data from HealthPort’s 2014 record release activity nationwide.
Within the realm of patient requests, providers can charge patients no more than their labor costs to produce the record, plus supplies and shipping. No upfront fee to search or retrieve records may be charged to patients.
Q: Why shouldn’t records just be free now that they are electronic?
While many believe the cost to produce records should be negated once information is digital, there are misperceptions and logistics that must be understood. The process of disclosure management (release of information) involves many steps that still require human intelligence and intervention—especially on the front end of the process (receiving, validating and approving the request). Here are three examples:
- The authorization must be adhered to strictly, which often requires contacting the requester and explaining that some of the records they requested may not be available, or may require very specific patient authorization.
- Information is commonly pulled together from multiple sources and systems (paper and electronic) to fulfill a request. While providers are working toward completely electronic environments, almost all still have a combination of paper and electronic. Depending on who makes the request, every single page of a record may require review.
- Staff releasing records must be trained on HIPAA, HITECH, the Omnibus Rule, state and federal subpoena requirements, and specific state and federal laws for drug, alcohol, HIV/AIDS, mental health, cancer, genetics, minors, pregnancy, etc.
Q: If the EHR is in the portal, what other records aren’t in the EHR that HIM staff has been aggregating in a records request?
A: Not all patient information is automatically included within the patient portal view, nor should it be. Each provider organization determines what EHR information is posted to the portal and what patients can do within the portal (e.g. requesting refills, scheduling appointments, viewing lab results, etc.). HIM experts are key in these decisions.