Physician practices receive medical record release requests from various sources – from the patients themselves, insurance companies, Medicare, and attorneys. Medical records are vital for processes such as medical peer review for insurance, or medical record review in personal injury cases. HIPAA and HITECH Privacy and Security Rules apply when it comes to medical records release, and therefore physicians must clearly understand the protocols or guidelines related to releasing sensitive healthcare records. There should be an efficient system in place that allows the medical office to release complete, organized, clear records to the requesting entity. The gathering and release of medical records must be in compliance with state and federal laws related to release of confidential information. HIPAA allows providers to disclose patient records without the patient’s permission under the TPO or Treatment, Payment, and Operations exclusion.
Here are some major things to know regarding medical records release.
- There should be a written authorization from the patient to release the records, and the wording in the request should allow the medical records to be released via mail or fax.
- You must obtain a separate, signed authorization for each request.
- To release the medical records to anyone other than the patient, a valid authorization must be obtained. To release records to a patient, only the patient’s handwritten, signed request is required.
- Make sure to release only the copies of the medical record, including videos, X-rays and so on.
- The requests to inspect the record must be honored within the specific number of working days, which may vary according to each state rule. The copies must be released within the required number of days after receiving a written request. Verify your state’s regulation in this regard.
- Ensure that details such as the date of release and to whom the medical record was released are noted in the medical record. In case the medical record is faxed, the fax transmittal form should clearly state to whom the record is sent by name, fax and office telephone number, and address. It must also include a confidentiality statement.
- The provider can prepare a summary of the medical record if the patient agrees to it.
- A cost-based fee may be charged, as decided by individual state law, which includes labor. A clerical fee may also be charged, but there may be exceptions to this fee.
- You can release the records prepared by another provider, especially when they are required to develop a treatment plan.
- Additional specific authorization could be necessary to obtain the medical record of the diagnosis, treatment, and other details of minors, HIV patients, mental patients, and patients with alcohol/substance abuse concerns.
- Medical records maintained in digital or electronic format can be provided in the same format when so requested. In case the records system doesn’t allow the creation or transmission of an electronic digital record, the requester must be informed in writing regarding the same.
- Attorneys may send a subpoena for medical records in connection with a lawsuit or other legal proceedings. The patient’s consent is not required for issuing a subpoena for medical records. It is issued under the authority of the court or administrative tribunal wherein the legal proceeding is awaited. If medical records are to be obtained for litigation without the written authorization from the concerned patient, HIPAA requires that the subpoena is accompanied by either a statement that the patient has been notified of the request and has had an opportunity to object, or a motion for a qualified “protective order.” A qualified protective order mandates that any protected health information or PHI can be revealed only for litigation purposes, and that any PHI disclosed must be returned to the healthcare provider at the end of litigation. When issuing a subpoena, it is important to notify the patient’s attorney of the same and a copy of the subpoena must be sent to the attorney. If any other objections exist as regards the subpoena, the patient’s attorney will have the opportunity to voice those to the hospital, physician or other practitioner, and get a ruling by the court on those objections. If no objections are raised by the patient’s attorney, it is mandatory to comply with a proper subpoena for medical records.
At present, factors such as health information exchange initiatives, EHR interoperability, patient engagement and so on are gaining significance in healthcare. This requires providers to be more willing to exchange PHI and improve the patient’s/caregiver’s access to health records. Attorneys may require medical record retrieval for litigation purposes. Whatever be the purpose for which patient health information is required, medical record custodians and HIM professionals must ensure that the records are released properly following actual legal requirements. A healthcare attorney can provide valuable advice in this regard. When a record request is received, it is vital to check whether it is from the patient. If it is not, ensure that the entity making the request has valid authorization or proper legal authority to make the request.