Stick to 4 Medical Records Requests Requirements to Avoid HIPAA Fine

Share: Share on Facebook Share on Twitter Share on LinkedIn Share on Google+

Stick to 4 Medical Records Requests Requirements to Avoid HIPAA Fine

Share: Share on Facebook Share on Twitter Share on LinkedIn Share on Google+
medical records requests

With fines for medical record request violations on the rise, you can’t afford to not comply with releasing records the right way. Sure, distributing records can be an irritation in a busy day but dealing with costly HIPAA violations is way worse. Read on for the skinny on medical records requests – what rules to follow, and what items you must be ready to provide.

Follow Federal and State Medical Records Requests Laws

HIPAA is a Federal mandate implemented as a congressionally passed law. “The real point of HIPAA was not only to protect the information, but to give an affirmative right for patients, the patients that you see and they’re beneficiaries,” explains Jennifer Searfoss, CPOM, CHCI, CMCS, in “HIPAA: Avoid Medical Record Copying Fee Violations.” Federal and state requirements can vary with either being more stringent. You must always follow the strictest requirement.

Example: Some state laws require medical practices to supply the first medical record request free of charge. HIPAA has no such requirement. If your state has the free stipulation, you must adhere to that stricter policy.

Honor the Medical Record Requested Format

Before deciding how much to charge for medical records, consider the intent of HIPAA. “HIPAA requires covered entities to provide an affirmative right of all patients to receive and have access to their medical record,” Searfoss explains. You also must provide the record in the format the patient wants. Having a uniform format to supply all medical records doesn’t cut it. When a patient requests a print-out copy of a medical record, it’s insufficient to email the patient a PDF of the medical record, Searfoss warns. If a patient wants the record electronic, or if she wants a paper copy, you must be able to provide the record in the requested access format.

Provide a Summary as Part of the Medical Records Requests

You must be able to give patients a summary of their medical record. “They don’t need the whole thing, because most patients have absolutely no idea what a medical record is, and what all it talks about,” Searfoss notes. For EMRs, you want to provide the CCDA. This gives the pertinent information a patient expects for a medical record summary.

Adhere to Timely Access

For HIPAA, timely means 30 days from the request. But sometimes the specifics of a request, the source, the items needed, and where they come from may not all be easily provided in the same time frame. In this case, you need to discuss the timeliness of the expectations and fulfillment with the patient, Searfoss points out.

You try it: A family practice has a patient’s caregiver request medical records access. The FP office says it’s going to take 60 days. Is this timely access? And can you charge for the records?

Find out in the Medical Records online training


Meet Your Writer

Jen Godreau

Content Director

Jen Godreau, CPC, CPMA, CPEDC, COPC, AHIMA ICD-10-CM/PCS Approved Trainer is an expert in practice management, billing and coding, and revenue cycle management, and brings almost 20 years of experience to the content team at Training Leader. Prior to joining Training Leader, Jen led implementations of EMRs and revenue cycle management services including credentialing. She has led teams who have created numerous software programs and tools for compliance, coding, and auditing. Her passion for all things compliance and coding has filled thousands of articles and allowed her to provide practice management consulting and due diligence for hundreds of practices.

Jen's advocacy led to the overturning of neonatology supervision restrictions, creation of new CPT ENT codes, and winning of Medicare monitoring auditing contracts. She wrote the diagnosis study guide for AAPC's Certified Otolaryngology Coder (CENTC) exam and edited the AAPC Professional Medical Coding Curriculum.

Jen has a Bachelor of Arts from Wittenberg University in Springfield, Ohio. She became a Certified Professional Coder (CPC) in 2001, added her designation as a Certified Pediatric Coder (CPEDC) in 2009, became a Certified Medical Coding Auditor (CPMA) in 2010, and a Certified Ophthalmology Professional Coder (COPC) in 2017. She is an AHIMA ICD-10-CM/PCS approved trainer.