Medical Providers Not Fully Compliant with HIPAA Access Requirements
According to a recent study by medRxiv, while efforts to digitize medical records and let patients access information through their phone or a patient portal are ongoing, more than half of providers sampled in a recent study failed to comply with the HIPAA right of access. The most common problem was providers not sending health records via email when patients requested them. About a quarter were also potentially non-compliant with the health privacy law's fee limitations.
The average wait time for responses ranged from one to 26 days, with eight days being the average. More than 70% of requests would not have been fulfilled pursuant to HIPAA without some form of intervention, such as educating staff members on the law or calling supervisors.
The issue is hardly new. A recent JAMA study also found discrepancies in records release processes at more than 80 top hospitals studied, and patient anecdotes of difficulty abound. Access was among the top four issues for HIPAA investigations by OCR from 2015 through 2018.
The more than two-decades old sweeping healthcare privacy law, however, could be getting an update. In December, HHS issued a request for information seeking ideas on removing regulatory barriers to ease care coordination and case management. Providers that responded were by and large wary of change and opposed any effort to shorten the window for responding to record requests.