The Disconnect Between Patient Experience and Records Requests – HIM Scene

This post is part of the HIM Series of blog posts. If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

This week I met with one of the digital marketing team at a children’s hospital. We had a great conversation about the hospital website and the way the hospital’s website represented the organization to the patient. Plus, we talked about how patients choose to interact with the hospital through their website. There are a wide variety of patient requests through the website, but one of those requests was a request for their patient record.

It wasn’t really a surprise that this digital marketer didn’t really know the details of what’s required for a patient to make an appropriate medical record request from his hospital. In his defense, he didn’t usually answer the questions, but just created the website that collected the questions. However, it was quite clear that the workflow for any medical records request was to send it to their HIM department and let them figure it out.

Most organization then have their HIM staff play phone tag with the patient to explain how to make a proper records request which will allow them to release the information to the patient. The progressive organizations might send the patient an email. However, many of them will then ask the patient to mail, drop off or fax in the official records request. If this sounds painful, I can assure you that it’s as painful as it sounds.

This illustrates the massive disconnect between creating a great patient experience and most organization’s current records request process. Please note that I’m not blaming the digital team at hospitals for the issue and I’m not blaming the HIM people for this problem. I’m blaming the disconnect between the two organizations because the only way to solve this problem is to have both organizations involved.

The best patient experience would actually be for the patient to go to their patient portal and download their whole record. Maybe we’ll get their one day, but there are hundreds of systems in a hospital where a patient’s data is stored. So, it’s going to take a while for us to reach the point where a patient can self-service their data requests.

Since I’m not holding my breath on this amount of data sharing happening between disparate systems, I’m more interested in making the current processes so it’s a seamless experience for the patient. If you can model a medical records request on paper, then you can do it digitally. To their credit, I’ve seen a few organizations working on this. In fact, their system is part education about records requests and part getting the information that’s needed to fulfill a records request.

It’s time that HIM and a hospital’s digital and tech teams come together to make the process for requesting records a seamless patient experience. And if you think using a fax machine is a seamless experience for patients, then you’re part of the problem.

If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

About the author

John Lynn

John Lynn

John Lynn is the Founder of, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference,, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.


  • Great post John. It’s clear that many healthcare orgs are taking the appropriate steps to make PHI data available to patients but one observation we have made is that these orgs are not making commensurate changes in how they identify patients who are trying to access this information. This can be extremely dangerous and very risky for healthcare orgs because in the absence of modern patient identification technology, anyone can falsify their identity and gain access to sensitive PHI of another patient, especially if these orgs are relying on user names and passwords for patient ID.

    Our observations tell us that many healthcare orgs are taking often extraordinary measures to protect their networks from cyberattacks but are remaining idle on incorporating policies to protect patient data. It must be noted that these are two completely separate entities and need to be addressed separately. It’s dangerous and risky to assume that protecting a network is the equivalent of protecting data.

    Healthcare orgs must take initiative to better protect patient data from unauthorized access and the often siloed approach to disseminating patient data that you describe only adds to the complexity and risk of protecting patients and their data.

  • Great point John and you’re right. It still amazes me that a signed form that’s faxed to you is reasonable to accept as your identity.

Click here to post a comment