medRxiv, a health manuscript archiving firm, recently conducted a study which revealed widespread noncompliance with the HIPAA right of access.
The researchers mailed medical record requests to 51 healthcare providers and documented the experience of acquiring those records. The companies' responses were also evaluated against the HIPAA requirements.
In all cases, the requested access to patient data was legitimate. The purpose of the requests was to increase the usage of a new consumer platform which helps patients get their healthcare records. The requested records were sent for 30 patients, with an average of 2.3 medical requests for each patient.
The researchers rated each of the providers according to their response to the request and the following four HIPAA requirements:
- acceptance of a request by email or fax
- providing the records in the format the patient requested
- giving records within a period of 30 days
- only asking for a fair fee
A 1-star rating was given to providers who simply accepted a patient record request. A 2-star rating was given if the healthcare provider responded to the request and satisfied all four HIPAA requirements after the researchers escalated the request to a supervisor one or more times.
A 3-star rating was given if only one escalation phone call to a supervisor resulted in a response from the provider. Providers that fully complied with the HIPAA right of access received a 4-star rating. Providers that went beyond the HIPAA requirements and gave copies of patient records within 5 days of the request got a 5-star rating.
Over half (51%) of the providers evaluated either did not fully comply with the HIPAA right of access or responded to the requests only after many request attempts or referrals to supervisors. Only 30% of providers were fully compliant. 27% of the providers got a 1-star rating, 24% got 2 stars, 20% got 3 stars, 12% got 4 stars and 18% got 5 stars.
The researchers also performed a telephone survey in which 3,003 healthcare providers participated. The providers were asked about their policies and procedures for providing patient healthcare records. The researchers learned that as many as 56% of healthcare providers are not completely compliant with the HIPAA right of access. 24% seem to be unaware of the restrictions on the fees charged to patients for getting copies of their healthcare records.
The primary reason for noncompliance was the inability to give electronic medical records, even when the patient specifically requested them. Out of the 14 providers that got a 1-star rating, 12 did not send medical records by email, one declined to give the records to the representative nominated by the patient, and one charged an unreasonable fee.
The researchers remarked that if the requests had not been escalated to supervisors, 71% of the requests probably would not have received responses that comply with HIPAA.