How providers can improve patient access to medical records
What is the response when an individual submits a request to receive access to the information that’s in their electronic medical record?
It’s frequently not a good one. In fact, the response can often be one of frustration over the time and effort that will go into compiling the data elements of the record in response to the request. There can also be a desire to recoup costs, or even make a little extra for all the sleuthing through electronic systems that providers might need to do to comply with the request.
Are all individuals in an organization prepared for responding to requests or obtaining necessary information? A lot of questions can arise when a patient makes a request for access to their records that an organization has in its databases.
In this respect, education and training are key components to building, establishing and maintaining a culture of compliance. How can an organization expect an individual to do the right thing if that person does not know what the right thing is or how to do it? Promoting the beneficial aspects of education leaves aside that HIPAA requires training and education.
When thinking about an education or training program, many individuals may be resistant to following through with mandated training or may not really pay attention. If a training module can be done remotely, how many people would take the opportunity to “watch” it while sitting in front of the television or doing some other activity and, as a result, the training is ineffective because their attention is divided. Training does not rank high on the list of preferred activities for many, so it is important to find ways to promote meaningful training.
Training is especially important for physicians because they have so many direct interactions with patients who could make requests. At the same time, physicians are among the individuals with the least amount of time to devote to training. What incentive could be offered to promote more willingness among doctors to do the training? Money or some other compensation would likely be good, but probably not feasible.
The Office for Civil Rights may have found another way. As part of continuing efforts to ensure an accurate understanding of access rights, OCR created a continuing medical education approved training module. Like any remote training, the module can be done anywhere, but is presented by some of the top government HIPAA officials and gives CME credit. Any continuing education credits are often in high demand among professionals.
Having identified the need for the training, will it work? The answer to that question will be hard to determine. However, the mere existence of the training is a positive sign. The more opportunities and avenues there are for physicians and others to be trained on HIPAA requirements, the better. For too long, HIPAA has been blamed for impeding too many activities, often driven by a lack of understanding about what HIPAA actually does. If tools are available, the list of excuses for not comprehending HIPAA can be shortened. That is a good thing.
Education and awareness alone should be sufficient to drive individuals and organizations to learn about HIPAA. The optimistic view is overshadowed by reality, though. If the right thing is not sufficient motivation, the potential negative consequences could be a better motivator.
What happens if a patient’s request for access is not fulfilled timely or accurately? If a report is made to OCR, then an investigation could occur. Many investigations are resolved behind the scenes through discussions between OCR and the subject, but sometimes bigger issues can arise, and an organization can wind up in tomorrow’s headlines.
No organization would want to face the potential backlash of paying a hefty settlement and seeing its name appear everywhere just because it did not understand the access requirement. A healthy mix of encouragement and fear could be enough to emphasize the importance of good education and training.