Healthcare organizations’ compliance with the HIPAA Right of Access has considerably improved, reported by the latest Ciitizen’s Patient Record Scorecard Report.
To create the report, Ciitizen carried out a study that was participated by 820 healthcare organizations to examine their response to patients requesting to obtain copies of their healthcare records. A variety of healthcare organizations were evaluated for the review which includes single doctor practices and big hospital systems.
Under the HIPAA Privacy Rule, patients are given the right to ask for a copy of their healthcare records from their companies. Request ought to be filed in writing. The healthcare organization needs to give the patient a copy of the health records in a specific record set in 30 days from the filing of the request. The information ought to be given in the format the patient asked for when the PHI may be easily made in that format. In case it is impossible to produce the information in the asked for format, the healthcare provider ought to provide the patient with the healthcare information in or in an alternate format decided by the patient.
For the study, Ciitizen users submitted requests for copies of healthcare records to healthcare organizations. The healthcare provider then receives a score from 1-5 based upon their performance. A 1-star rating means a non-HIPAA-compliant response. 2-stars are given when requests are in the end done satisfactorily, although it took several escalations to administrators. A 3-star rating is assigned if the request is completed with little intervention, and a 4-star rating is assigned to healthcare providers that are absolutely compliant and provided a smooth response. A 5-star rating is earmarked for healthcare providers with a patient-focused approach who exceed the HIPAA requirements.
Past studies showed that many providers (51%) don’t comply with the HIPAA Right of Access. The most current study showed a better percentage of 27%. The number of healthcare organizations given 4-star scores improved from 40% to 67%, and the number of healthcare organizations given 5-star ratings improved from 20% to 28%.
Another great news from this year’s report showed that just 6% of the 820 healthcare organizations billed patients fair-priced fees for generating the data.
In past studies, numerous healthcare organizations asked patients to fill up a standard form, but this year, almost all providers accepted any type of written request and didn’t necessitate patients to sign a certain form before producing the request.
The recent study had a substantial increase in evaluations, which may mostly be because of the developments in compliance. There were 51 healthcare providers evaluated for the Patient Record Scorecard report the first time, 210 providers the second time, and 820 the third time. Ciitizen remarks that the proportion of non-compliant healthcare providers in those studies did correspond with another study done on 3,000 healthcare providers, which shows that the developments made are legitimate.
Ciitizen attributes improved compliance rates to three major reasons:
- A higher emphasis has been put on the right of persons to acquire copies of their healthcare records after the HHS’ Centers for Medicare and Medicaid Services and the HHS’ Office of the National Coordinator for Health IT circulated new guidelines, making it a lot easier for patients to get copies of their healthcare records.
- There’s a favorable effect on the release of information (ROI) vendors who generate the patient data requests for covered entities so they are in compliance with the HIPAA Right of Access.
- The HHS’ Office for Civil Rights began a HIPAA Right of Access enforcement action this past year. From then on, two covered entities that failed with compliance were imposed fines of $85,000.
It is also perhaps because the Ciitizen created a website that presents the scores of every healthcare provider motivating healthcare providers to observe this essential aspect of HIPAA.