It’s a common perception among doctors and nurses that they are the worst patients when the tables have turned and they find themselves needing care. When you dig a little deeper to find out why this might be the case, a common thread starts to emerge—the feeling of vulnerability and loss of control, and also the fact that they know firsthand how healthcare works.
This phenomenon spans the healthcare continuum—with health information management (HIM) professionals often experiencing the same frustrations that patients do when requesting their medical records. Difference is, HIM professionals’ expertise in HIPAA can help them navigate the system and advocate for themselves.
In light of the release of AHIMA’s model Patient Request for Health Information Form, the Journal asked HIM and health IT experts about their own encounters with the release of information system. It probably won’t come as a surprise that the number of HIM credentials after a person’s name does not correlate to their success in getting the documentation they need. It’s clear that American providers and health IT developers have their work cut out for them in terms of improving health literacy and connecting all consumers with their data.
Even the people who know HIPAA best—from attorneys who helped draft the law to former government officials who helped enforce it—have trouble getting their health data from their providers. Here the Journal profiles the personal experiences of HIPAA experts who faced major hurdles in getting and using their health records.
Adam Greene, JD, partner at Davis Wright Tremaine, who specializes in HIPAA law and helped write the original HIPAA legislation in 1996
“I can tell you from personal experience I’ve been on the other side where I wanted to get an electronic copy of my records and it’s very difficult. Within the last month I reached out and tried to get my medical records delivered electronically to an app where I could best have it and be able to leverage it. And I was told by my former medical practice that they had a patient portal and that I needed to use the patient portal and HIPAA did not give me any right to receive my information in any other way. Now, that’s wrong. I could tell this person, she was an office administrator and very frazzled, and I could hear they couldn’t spend much time. And I wasn’t looking to ‘make a federal case out of it.’ I didn’t tell her that I was part of writing these HIPAA regulations and ‘you’re completely wrong.’ But I think having forms like this [AHIMA’s model form] out there and adopted will hopefully help make it easier for healthcare providers to understand what they need to do.”
Lucia Savage, JD, chief privacy and regulatory officer, Omada Health, and former chief privacy officer at the Office of the National Coordinator for Health IT (ONC)
“I needed to get some health information from my physician’s office to qualify for new life insurance. There were three very frustrating parts of the process. First the physician’s office staff were completely disempowered from helping me. They were not even allowed to accept and forward to their document office a PDF of a request for information form that I uploaded securely through my two-factor credential. Second, the actual document office at the large physician’s organization was not digital at all: office hours 9 a.m. to 4:30 p.m. each day; they do not return voicemails; and they do not accept inbound emails from individuals, although those are completely lawful; and you cannot contact them other than by phone or fax. Finally, the physician’s organization would not accept any form other than the one with their brand on it. This is probably their lawyer’s fault, but it is unnecessary.”
Pictured are copies of the records Savage originally sought and received from her own providers
Pamela Lane, MS, RHIA, AHIMA interim CEO
“My parents from California came to visit me on the East Coast. We had a great visit. But when they were driving back home, cross country, my father got sick and could no longer drive. They pulled over to a little place in Nevada, a 10-bed hospital there. Fortunately that hospital had a brand new state of the art CT machine. They did the scan and found out what was wrong with my father. I asked them if I could get a copy of the CT scan on a CD in case this happens again? They said sure, no problem. Off we go. By the time my mom and I got my father back to California, sure enough he gets sick again. Problem. Off we go. I take him to the hospital, the ER, and they said ‘We’re going to do a CT scan.’ And I said, ‘Oh, I’ve got the CT scan on a CD from 12 hours ago. I hand them the CD and they said, ‘I hope we have a machine that can read this CD.’ But they couldn’t read the CD and had to repeat the test.”
Joe Biden, former vice president of the United States of America
When Joe Biden served as the vice president, he very publicly dealt with the death of his son Beau Biden from brain cancer. Following his son’s death, President Obama tapped Biden to lead the Cancer Moonshot initiative. In May 2016, Biden spoke to both issues at the Health Datapalooza, which was held in Washington, DC. During his speech, Biden talked about the difficulties his family faced in getting Beau’s medical records sent from Walter Reed National Medical Center in Maryland to the University of Texas MD Anderson Cancer Center. “I’m the vice president of the United States,” Biden said, according to an article by Fierce Healthcare. “I have a … very influential son-in-law who’s a first-rate, well-known surgeon. It took all that and more to get [Beau’s data] put on a disk and flown down to Anderson.” Biden went on to say patient access issues are “a matter of life and death,” and that the healthcare industry must eliminate technical roadblocks that prevent patients from obtaining their own medical records.
Mark Savage, director of health policy at the University of California at San Francisco Center for Digital Health; formerly the director of health IT policy and programs at the National Partnership for Women and Families, which runs the GetMyHealthData project
When Mark Savage worked for the National Partnership for Women and Families, he volunteered to be a “Tracer” patient, which required him to request his medical records and report back his results to the Partnership’s GetMyHealthData project. In total, Savage contacted four of his providers: one large California-based hospital/integrated delivery system; one internal medicine physician practice; one dermatology clinic; and one primary care provider. He asked all four providers to send him every record they had for him in an electronic format, sent to him via email—even if it was unencrypted emails. He asked for continuity of care documents where possible, PDFs, and/or structured data. He received records back from each provider, but none of the data was sent electronically; even providers whose request forms listed electronic formats as an option sent back only paper. All of the records Savage received ultimately came through the US mail and he didn’t receive 100 percent of his records from any of the providers.
Rita Bowen, MA, RHIA, CHPS, CHPC, SSGB, vice president of privacy, compliance and HIM policy at MRO
“I recently had a friend who was frustrated because she didn’t believe she was being given her complete medical record that she had requested from a facility. She knew that I was a HIM professional and she asked me about it. After talking with her I realized that the information she was requesting was not part of the medical record but should be part of the facility’s designated record set (DRS). When the facility was contacted the person on the phone didn’t understand what a DRS was and its relationship to a patient’s request. After several conversations my friend did obtain the information being requested, but as you may guess, with some frustration.”