Sometimes it’s so exhausting to track down my daughter’s medical records that I want to give up and say forget it. She has a rare neurological condition called FOXG1, and has therefore been seen at multiple institutions for various testing and procedures. Thinking recently about having her information sent to a specialist out of state for another opinion, I realized I had no idea how I would make that happen.
I was able to reach the records department at her current hospital. They said they could not send her MRI data to me, but I could come to the office in person to retrieve her imaging. So I did. I waited there for over three hours to get her data on a CD-ROM, and even then the records were incomplete and not at all easy to access.
My own personal experience of trying to collect her health history has been frustrating, to say the least, which is why I decided to join Ciitizen and lend a hand to patients in similar situations. Luckily, my daughter’s condition isn’t life threatening. But she can’t walk or talk, and seizures are an issue, so having her health data is important. However, when I think about these same obstacles being presented to patients with cancer and other serious illnesses, I get nauseous. Patients in dire need of their data should be able to get their information immediately.
Having started making record requests on behalf of Ciitizen’s beta users, my frustration has not subsided. In response to the rightful inquiries sent by these patients, we’ve received responses like:
Due to security/encryption purposes, the records cannot be sent by email, as this is a HIPAA violation
We cannot accept electronic signatures (in response to an electronic request form!!)
Imaging cannot ever be sent to a patient, it must be picked up in person by the patient with a valid ID
As I’ve come to learn, however, none of these rejections are valid. HIPAA does allow records to be sent by email, digital signatures are just as lawful as written ones, and imaging can indeed be sent directly to the patient. Some of the medical records clerks I talk with don’t seem to know any better, and it doesn’t seem like hospitals spend much time training their records departments about HIPAA requirements.
On top of that, we’ve had to call some of these hospitals six or seven times on behalf of our cancer patients before we even get a straight answer. It’s not only a lack of compliance, it’s a bad customer experience. What other industry would allow this?
No other business could survive these market dynamics given the competition out there today. Unfortunately, as patients often have few options for care, the hospitals get away with it. That’s why we need to incentivize hospitals to both comply with HIPAA regulations and improve their customer service protocols. If the hospitals themselves aren’t able to allocate resources towards bettering their compliance, we at Ciitizen will be happy to make ourselves available—gratis—as a training resource.
Give us a call. We’ll be happy to run through exactly what HIPAA does and doesn’t allow in terms of the patient’s right of access.
Nasha Fitter is the head of Ciitizen’s data retrieval team and the co-founder of FOXG1 Research Group, an organization dedicated to find a cure for FOXG1 Syndrome, and potentially most brain-related disorders.