The Office of the National Coordinator for Health Information Technology recently released a report (the Report) detailing user experience research on patient access to health data. The Report sought to examine the experiences of 17 individuals and processes of 50 health systems, with commentary from four medical record fulfillment administrators, to determine how the medical record request process can be improved for consumers. The Report ultimately concludes that patients and health care providers alike are in need of a well-defined process that is convenient, expedient and transparent.
The Health Insurance Patient Portability and Accountability Act (HIPAA) does not create a uniform process for storage and production of medical records across providers, and in-turn did not create a convenient request process for patients. Generally, patients have a right to access a designated record set, which includes 1) medical records and billing records about individuals maintained by or for a covered health care provider; 2) enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; and 3) other records that are used, in whole or in part, by or for the covered entity to make decisions about individuals. Upon receipt of a request by a patient to access their health records, the covered entity receiving the request must produce the records within 30 days. Prior to producing those records, however, the covered entity must verify the identity of the individual making the request. This often involves signature verification or similar processes.