HIPAA: Medical Information Privacy but also Patient Access
In the United States, HIPAA is the Health Insurance Portability and Accountability Act which together with the Federal Privacy Regulations of April 2001 and the Joint Commission on Accreditation of Healthcare Organizations (JCAHO) has established the law and standards which are aimed at protecting the privacy of an individual’s healthcare information and regulating access to it. HIPAA defines who has access to the information and establishes the patient’s rights. This thread will deal with patient’s rights with regard to their medical information, one of which includes the right (with minimal limitation) of the patient to access and read medical records which contain their personal medical information.
To get started on this topic, here is a recent e-mail I received from a visitor. By the way, in keeping with HIPAA regulations I am not identifying the writer or providing any other personal identifying information in order to protect patient privacy. I am assuming that the scenario itself is common and the few details presented are not specific enough to provide such personal identification for someone who is not already aware of the individual and the details.
I am trying to find out more information on the topic of transferring one patients records from one PCP to another PCP.
The original PCP had been my fiancees PCP since childhood. In the last two years my fiancee had developed several symptoms and the original PCP had run an EKG and an MRI two years ago and let it go at that. The symptoms still bothered him and continually grew worse. The originally PCP treated it more like drug seeking behavior and whining and never addressed the issues or pursued more testing. My fiancee has insurance through his employer and payment was not the concern. At much badgering from me my fiancee finally switched PCP's. Upon requesting the transfer of his medical records to the new PCP the old PCP only sent a letter and a copy of the most recent blood work and the EKG, no other history was included.
Is this considered with the parameters of medical history for a patient considering the extent of time he was with the original PCP?
The new PCP has found several very alarming conditions that have been untreated and undiagnosed because of the other PCP's lack of time with my fiancee. At this point she is looking for all the information she can get her hands on to develop a treatment plan that is aggressive.
I am extremely concerned because ethically I thought all of the patients case history was to be sent once the patient released it and the PCP was not allowed to pick and choose.
Please clarify if at all possible.
I wrote the patient back the following:
If a summary of a patient's medical condition is inadequate, to my knowledge, the patient has every right to access to a copy of the entire chart for transfer to another physician. In the U.S., patients can read their own chart except for psychoanalysis commentary. Check with a lawyer regarding transfer of records in your community.
Here are the details pertinent to this topic as obtained from the Los Angeles County Department of Health Services HIPAA Privacy and Security Comprehensive Self-Study Guide (content adapted from Health Care Compliance Strategies, Inc. revised November 2005.)
A. HIPAA empowers patients by guaranteeing them access to their medical records, giving them more control over how their protected health information is used and disclosed and providing a clear avenue of recourse if their medical privacy is compromised. The Privacy Standards protect medical records and other personal health information maintained by health care providers, hospitals, health plans and health insurers.
B. HIPAA and the Federal Privacy Regulations (April 2001) established the patient’s right to maintain the privacy of their health information. These rights give the patient a right to access their personal health information (PHI), amend their PHI, receive an accounting of disclosures of the PHI, request restrictions on the use of their PHI, file complaints and receive notice.
1. Right to Access: Patients have the right to access and inspect their health record and obtain a copy from their health care provider. Patients may access or copy their health records for as long as the information is retained. There are few exceptions to access related to psychotherapy notes and protections under state law.
(HIPAA requires that requests be granted within 30 days if the information is located on-site and within 60 days if the information is located off-site. However, California state law is more stringent and requires requests be granted with 15 days regardless of where the information is located.)
2. Right to Amend: Patients have the right to request an amendment to their medical record. The request must be put in writing and submitted to whoever maintains the medical record. The organization will then review the request and determine agreement or disagreement. The request for amendment becomes part of the permanent medical record.
3. Right to Account for Disclosures: Patients have the right to request a list of when and where their confidential information was released (within the last 6 years but not prior to April 16 2003), the date of disclosure, the name and address of the person or entity who received the information and a brief description of the reason for disclosure. Disclosure is permitted for treatment, payment or healthcare operations.
4. Right to Request Restrictions: Patients have the right to request their provider or hospital to restrict the use and disclosure (release) of their PHI. However, the provider or hospital is not required to comply with the request if the use and disclosure does not otherwise violate HIPAA Privacy Standards.
5. Right to File a Complaint: Patients have the right to file a complaint if they believe their privacy rights have been violated.
6. Right to Receive Notice: Patients have the right to receive a Notice of Privacy Practices handout, which describes how medical information may be used and disclosed and how to access and obtain a copy of their medical record. It also provides a summary of patient rights under HIPAA, describes how to file a complaint and gives relevant contact information.
OK, so those visitors to this blog who live within the United States know your rights. You may want to check with governmental resources within individual states regarding state changes as noted above with California. Those from outside of the United States should check with their local governmental agencies regarding the rules or laws applying to personal medical information. Keeping personal medical information private and restricted only to those who need to know is not only an ethical practice but is now the law in the United States.
Now, I would like to pose an ethical question to my visitors. The fact that the HIPAA law allows patients to have access to their medical record and to read it, do you think that this right is always in the best interest of the patient and also would this right, at times, be unpractical? Doctors notes and records can be difficult to read not only by handwriting (if handwritten) but also the meaning and significance of the words may be obscure to the patient unless reviewed along with the physician. This would require additional time spent with the patient for the doctor to provide this guidance to the patient. How should the doctor balance this time with the duty to the ill patients awaiting a visit in the waiting area? Should the doctor charge for this service to the patient? Beyond psychiatry notes restricted to be accessed by law, would there be other parts of the doctor's notes which should be off-limits to the patient? Think about it.. and let us know. ..Maurice.
Graphic: My ArtRage combination of graphics to form "Zippered Lips".
posted by Maurice Bernstein, M.D. @ 12:32:00 PM
4 comments
4 Comments:
Dr. Bernstein,
I firmly believe that the patient should have the right to access their complete medical record as provided for under HIPAA. With the exceptions provided for by law, they should have access to anything that is part of their record.
To allow a physician to selectively withhold information from the patient is, IMHO, tantamount to "giving the fox the keys to the hen house". I personally can't see any logical or ethical reason why a physician would choose to do so - in fact, the most likely reason that comes to mind that they would choose to exclude information would be to cover something up.
The issue of meaning and significance of the doctors notes is easily resolved. All the physician needs to do is include a standard disclaimer such as: "This record is being provided per your request as required under HIPAA regulations and may include terminology that may not be readily understood by non-medical personnel. If there is anything in the record that you don't understand or would like clarified, please make an appointment with your physician to go over it, at which point he/she can answer any questions you may have." They can even have the patient sign a copy of the disclaimer, acknowledging that they received it.
As far as I'm concerned, it's perfectly OK for the physician to charge for the time to meet with the patient to do this, just as they would any other consultation. After all, they're allowed to charge a reasonable fee to produce the copy of the medical record, so why shouldn't they be able to charge for a follow up consultation.
Just my $0.02......
TT
Dr. Bernstein, I couldn't leave this one in my Google Reader ... I had to come and put my two cents in.
First of all, I feel that patients should, indeed, have the rights to a full copy of their records. Perhaps those who do not understand the doctor's notes, but are concerned, could make a separate appointment during which the records could be discussed. I'm not sure how that would work with insurance companies ... but there should be some sort of arrangement. Perhaps the questions could be addressed by a nurse ...?
I also agree that it would not always be in the patient's best interest to read the charts, especially if they don't understand what they're reading, and also have no idea of how to research the material.
However ...
In 2006, when I was studying Health Information Technology, we were told that we should get a copy of our records in order to compare them to what we were studying. An interview for the same course with the head of the Records department at my hospital reinforced that idea. I honestly was also very curious myself ...
At the next visit to my PCP, I asked if I could have a copy of my records. He told his nurse to make a note of it, and then told me when I could pick them. I was very eager to see certain things he'd written in my records, because this fellow had a very odd way of referring me to specialists. I've actually had one walk into the room laughing ... holding my records. He proceeded to ask me some pertinent questions, which had nothing to do with my health. I was flummoxed! So, I was eager to finally get my hands on that referral ... and quite a few other pages, to help me understand what he might have been thinking.
When I picked them up, I immediately looked for the pertinent pages - they were nowhere to be found. I had exams that started on page 2 ... replies to referrals with no initiating referrals (one in particular - you guessed it) and so many other things. By the end of the day, I had cataloged more than 30 missing pages - that I knew about.
I couldn't help but wonder what on earth he had written that he would rather take his chances with breaking HIPAA regulations than have me read his notes ...
At that time, I asked a fellow blogger, a physician, what I should do. He told me that it would be too easy for my PCP to say that things had been spilled on them, and so on, and that I should just let it go - but to find myself a new PCP, since I couldn't trust this one anymore. He recommended that I carry my records with me, and give my next PCP the records I had, rather than release them from the previous provider. Then I'd have some control over the situation.
In short order, I was made aware that our local hospital has completely worked around HIPAA ... and in our area, anyone who works in that hospital, or at any of the practices associated with the hospital, can access any and all of the records, with the exception of those which are specially protected ... and I'm not even sure about that.
So ... my records have content which I was not allowed to see, and each and every practice which is an "affiliate" of that hospital has access to them.
Dr. Bernstein, that's just not right.
Perhaps because of this experience, I have to admit that my own view is biased. I also have to admit that I'm still a bit angry and threatened by the situation, since I'm in still in the same area. Perhaps I shouldn't have taken a stab at that question, because I knew I would not be able to be completely objective.
Thank you for such interesting posts, Dr. Bernstein ... :o)
I was at a new specialist's recently, and when I provided the names and doses of my two medicines to the nurse, she said, "You're not still taking x vitamin or using lidocaine pain patches?" Now there's no way she should know that information, no way. I sent over the extensive labwork myself and there was nothing about medications on there. There was, however, my referring physician's name. I definitely hadn't signed any releases in this regard.
Something's fishy.
While I don't have complaints about the outcomes, what if this happened when I or someone else needs a really objective second opinion? We're all subject to cognitive biases in solving complex problems and sometimes a fresh start is needed.
I suspect some of this information may be coming from the affiliated hospital in the next building and that computers are linked. While some medical errors may be prevented this way, this also means that physicians (or technology) are in control of the narrative that is our personal medical history.
I do believe that patients deserve their records. People can't control others because of their perceived lack of knowledge. I believe that I understand and can convey my medical history well because I've read many of my records as well as most radiology and lab results. This has allowed me to look up definitions and for further information and thus put details in perspective (what matters, what's incidental). It also allows me to be very specific when speaking to my doctors, whether in conveying information to another specialist or in asking questions.
I need an answer to a question. I saw this certain for seven years and I worked for the USPS. Last summer this doctor had me off work but I only saw him once. His staff would not let me see him back or make an appointment. He would not release me to go back to work. He did not give me any restrictions other than the permanent work restrictions I have. Anyway went back to work and the Postal Inspectors-OIG got to the doctor and gave him records concerning me as the patient. I have requested this info but the doctor will not speak with me. I have spoke with the administrator of the doctor's firm and she told me to right a letter which I did to the board of directors of the doctor's firm. I still did not receive any info concerning the Postal Inspectors-OIG info about me. She called yesterday and stated she spoke with the Postal Inspector-OIG and he basically told her that she could nor release the info and basically threaten her. But her and the doctor would be more than willing to give me the info if the Postal Inspector-OIG would let her. Is this legal since it is actually my employer who is obtaining info on me through the Postal Inspectors-OIG? Why would the doctor's office have to call the Postal Inspector-OIG prior to just letting me have my private information that I thought I was entitled to by the Privacy act.
Post a Comment
<< Home