Blog RSSBlog.


Revised Medical Access Records Guidelines Reinforce Patient Rights

by Craig Klugman, Ph.D.

A few years ago I moved cross-country for a new job. Among the many moving tasks that I had was getting copies of all my medical records so I could bring those to my new physicians. Although I am very aware of HIPAA taught it in my bioethics and health policy courses for many years, I encountered obstacles to getting these records. Some of the refusals were phrased to my benefit: “If you take them then we have to charge but if we send directly to your new doctor, then there’s no charge;” “We’ll send them to you so you don’t need to carry them” and showed up months later in forwarded mail. Still others required a written request, on a specific form, and even then, never sent the records.

The U.S. Department of Health & Human Services recently unveiled its revised guidelines for giving patients access to their medical records. The goal is to prevent the sort of difficulties that I encountered. Although HIPAA gave us all the right to our records, DHHS said it has received a large number of complaints. Among the common reasons for noncompliance is a hospital or office requirement that the patient state a reason for access, requiring a certain format for picking up the records, holding records hostage because of an unpaid bill, and protecting the patient from potentially upsetting information. Under the new guidelines, such behavior is not permitted.

The revision is more of a reminder of the HIPAA rules rather than a big change. The hospital or doctor’s office can still charge for the records (a modest copying and labor cost) but they must send it to you in the format you request (pick up, email, mail). As long as you are informed, your provider can still require a written request, even a specific form as long as it does not create an undue burden.

HIPAA requires that a patient receive their records within 30 days of making a request. A provider can ask for a 30-day extension if it’s needed. States are permitted to have more rigorous requirements, but not less. These range from Colorado requiring patient access within 24 hours of request (though 10 days for hospitals and 30 for physicians to provide copies) to California and Nevada’s 5-day requirement. Washington, Virginia, Louisiana and Texas have a 15 day window. And other states have a 10 day requirement such as New York, Tennessee, Nebraska, and New York.

The guidelines still do not give a patient access to all of their medical record. For example, psychotherapy notes are often considered to be separate from the chart for privacy purposes and thus are the “personal notes of a mental health care provider.” A patient may also not access “information compiled in reasonable anticipation of, or for use in, a civil, criminal or administrative action or proceeding,” medical notes from a prison, or notes that are part of research (not treatment).

While not new, these guidelines remind us of our rights and obligations.

This entry was posted in Featured Posts, Health Regulation & Law, Privacy and tagged , , . Posted by Craig Klugman. Bookmark the permalink.

Comments are closed.