Since starting the Voice of Ciitizens blog back in the summer of 2018, we’ve spent most of our time defining, documenting, and denouncing the myriad of roadblocks that stand between patients and their personal health data, from the lack of compliance with federal HIPAA regulations to the “dinosaur technology” still in use. Now that 2019 is upon us and the problem is clear, the question has become: what can we do to try to fix it?
While helping patients obtain their health data from hospitals all over the country, we’ve found that a number of hospitals either don’t understand the patient’s right of access under HIPAA or (in worse cases) are indifferent to it. For months, we’ve been asking ourselves at the Ciitizen office how we can help well-meaning institutions improve their medical record release procedures and become HIPAA compliant, while simultaneously motivating the stragglers to follow suit.
That internal question led to an idea, which culminated in the #myhealthmydata campaign.
What if we took our experiences in trying to obtain medical records for our Ciitizen users and objectively evaluated those experiences based on what the HIPAA Privacy Rule requires? And what if we made those stories public - both our general experiences as well as instances with specific institutions - perhaps by name - that we have contacted, openly sharing it online for the world to see? Could stories of hospital responses to our record requests help both shine a light on what seems to us to be a serious noncompliance problem and also be a catalyst for change? And might we surprise ourselves with stories of people who are actually doing this right?
We think the answer to these questions is yes. What exactly would this all of that look like? Follow #myhealthmydata and we’ll show you.
-The Ciitizen Team