How Your Medical Records Get to a Requester
Receiving medical records isn’t as simple as sending a quick email requesting the documents you want to see. Since patient health information is protected under HIPAA guidelines, specific steps need to be followed to ensure patient records are delivered to the correct (and authorized) individual.
Requests for patient medical records can occur for a variety of reasons, including:
- Patient: As a patient, you may want to keep a copy of your current medical records for personal use. Some people like to review the information at home better to understand testing, diagnosis, and treatment recommendations.
- Attorney: When legal proceedings involve medical care, an attorney may need to request a patient’s records. For example, an attorney needs detailed information about the medical care and treatments for a personal injury lawsuit or malpractice suit.
- Insurance: Detailed records are required to verify treatment information so that insurance companies can issue rehabilitation or medical reimbursements.
Step-by-Step: Records Requests
HIPAA (Health Insurance Portability and Accountability Act) was implemented in 1996 to protect health information security and confidentiality. As medical practices implemented these security features, many internal procedures needed to change to avoid putting individual patient information at risk.
If you need to request patient health information for yourself or a client you are working with, this brief overview will walk you through the steps taken to ensure HIPAA compliance:
- Request Submission: While patients can request records, most of these requests are made by “third-parties” – such as attorneys, insurance companies, government agencies, and other healthcare providers. A request form is filled out by a requester asking for specific information within the patient’s file to be released.
- Verification: Once the request is received, it is checked for accuracy and authorization – i.e., can this person request this patient’s records. It’s essential to verify the identity of the person(s) receiving the information. Every record request and authorization require nine criteria to be met. When you or a requester asks for a copy of your records, healthcare providers must follow these regulations outlined through HIPAA and HITECH.
- Retrieval: Now that the request is verified, it’s time to locate the correct records. Patient records and data can be spread out through multiple sources, including computer and EHR systems. These records look similar and have various types of entries – which makes the retrieval difficult. Every page of the patient’s file has to be reviewed to ensure confidentiality. Checking every page is the only way to verify that the records approved by the patient are the only ones being request and sent. Verification guarantees that the names and identifiers on each page exactly match that on the authorization form.
- Review: Each record is then reviewed again to ensure that the request submitted is the correct one before delivery. Health Information Departments (or ROI vendors) must ensure that all sensitive comments and notations are removed – unless these details are specifically authorized.
- Delivery:Delivering the record isn’t as easy as just “hitting send.” Many record providers encrypt the records before delivery to comply with HIPAA security, and often these documents are password protected. Records can be delivered digitally, or they can be printed and mailed.
- Tracking: Each step of the records request process must be tracked and recorded.
Although only a broad overview of the process, Release of Information is detailed and meticulous. When done correctly, requests are received quickly, and records are delivered within 24-48 hours (depending on the request type).
Would you like more information about the records request process? Watch this video to see how it works.
Nearly 50% of medical providers choose to outsource their Release of Information service because it reduces internal costs, mitigates the risk of data breaches, and lets organizations focus on patient care. Today’s technology makes electronic health records more accessible to those needing them. But this increasing accessibility means there is a greater risk to privacy, higher expense, and a need for expertise.