The HHS Office for Civil Rights recently issued extensive guidance for providers, insurers and patients on rules under the HIPAA law to enable patients to get paper or electronic copies of their medical records.

The guidance is long overdue; patients have had this right for a decade or longer, and many still face obstacles in getting their records. But how useful will the guidance actually be? And with little federal enforcement over the years, will compliance improve?

OCR has paid attention to the right of patient access, responding to patient complaints by working with providers and helping them understand their compliance obligations, says Jodi Daniel, formerly director of policy in the Office of the National Coordinator for Health Information Technology and now a partner in the law firm of Crowell & Moring.

While OCR has issued guidance in the past, it’s been nowhere close to the comprehensive guidance now available, which puts all the information on the right to access in a single source document, Daniel adds. The comprehensiveness of the guidance is important, she notes, because patient access to records is one of the most frequent complaints received by OCR, trailing only complaints about disclosures and safeguards.

Also See: New Push to Improve Patient Access to Records

The new guidance comes during a major push by the federal government to improve patient access to their health records, via the view/download/transmit requirement in the EHR meaningful use program and a newer requirement to enable access via an application programming interface that can send the records to the device of a patient’s choice, Daniels says.

Importantly, easier patient access to their records also strongly supports the move toward accountable care, the new Merit-Based Incentive Payment System for Medicare, and President Obama’s Precision Medicine initiative to build a cohort of one million Americans who agree to contribute their genomic information, Daniel says. “Patient engagement is a major part of these initiatives, and HIPAA rules are part of the foundation.”

Consequently, with existing barriers created by providers to not comply with patient record access requirements, often including excessive fees charged for records, the drumbeat for improvement has grown louder, as the government wants patients to be more engaged with their own healthcare, according to Daniels. “It would be wise for covered entities and business associates to see if they have processes and practices that would violate the rule.” And, a big help for insurers, providers and patients, Daniels believes, would be finding a way so when new patient data is available in the EHR, it can be "auto-shared" with the patient upon request.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access