The most recent Patient Record Scorecard Report from Ciitizen has shown that there has been a welcome improvement in compliance with the HIPAA Right of Access.
In gathering data for the report, Ciitizen survueyed 820 healthcare providers to assess how well each responded to patient requests for copies of their healthcare data. A wide spectrum of healthcare providers were questioned for the study, from single physician practices to large, integrated healthcare delivery systems.
The HIPAA Privacy Rule allocates patients the right to request a copy of their healthcare data from their suppliers. Request must be sent in written and healthcare providers are required to provide the patient with a copy of the health data in a designated record set within 30 days to the request being received. The data must be filed n the format requested by the patient if the PHI is readily producible in that format. if it happens that data cannot be provided in the requested format, the provider should give the patient a printed copy of their healthcare data or provide the data in a different format, as agreed with the patient.
For each study, requests for copies of healthcare data are issued to healthcare providers by Ciitizen users. The provider then awards a rating from 1-5 based on their response. A 1-star rating represents a non-HIPAA-compliant response. 2-stars are given when requests are eventually resolved satisfactorily, but only after multiple escalations to supervisors. A 3-star rating is awarded when the request is happy with minimal intervention, and a 4-star rating is given to supplier that are 100% compliant and have a seamless response. A 5-star rating is reserved for providers with a patient-focused process who go above and beyond the legal obligations of HIPAA.
Earlier studies revealed a majority of providers (51%) were not compliant with the HIPAA Right of Access. The latest study resulted in that percentage dropping to 27%. The percentage of providers awarded 4 stars for their responses increased from 40% to 67%, and the percentage of providers given 5 stars increased from 20% to 28%.
There was additional good news from this year’s study. Under HIPAA, healthcare providers are allowed to charge patients a reasonable, cost-based fee for producing the records, but only 6% of the 820 healthcare providers applied fees.
Ciitizen says that the improvements in compliance are due to three main factors. A stronger emphasis has been placed on the right of individuals to obtain copies of their healthcare data after the publication of new rules by the HHS’ Centers for Medicare and Medicaid Services and the HHS’ Office of the National Coordinator for Health IT, which make it more straightforward for patients to obtain copies of their healthcare data.
Also, the release of information (ROI) vendors. ROI vendors process patient requests on behalf of covered entities allowed those entities comply with the HIPAA Right of Access. Finally, the HHS’ Office for Civil Rights launched a HIPAA Right of Access enforcement initiative last year. As part of that initiative, two fines of $85,000 were imposed on covered entities that failed to adhere with requests from patients to hand over copies of their PHI.
The Ciitizen Patient Record Scorecard Reports and the website sit up by Ciitizen that indicates that the scores of each healthcare provider may also have played a role in encouraging healthcare providers to adhere with this important element of HIPAA.