From the very beginning, all of our request letters to health institutions have asked for records to be sent via email, as is the patient’s right under HIPAA. When an institution sends records to Ciitizen using the email address we provide, the information is populated directly into that patient’s Ciitizen profile—no need for manual handling, which introduces risks and opportunity for error. However, more often than not, we get push back when it comes to digital delivery. Some institutions insist on sending us to their secure portal (which requires entry of a one-time password), or sending the records with password-protected email, even though the request letter acknowledges and accepts any security risks (and, of course, some still insist on sending us reams of paper… see more below). Of course, we are willing to enter the data in manually if we need to, but the larger point is that patients should be able to choose email delivery if that’s what they want.
That being said, our blog post for this week is actually a success story, rather than another aggravating anecdote detailing a slew of additional HIPAA violations. It also involves one of the largest non-profit healthcare chains in the United States, an institution that certainly has the technology necessary to service patient requests electronically. Yet, after we initially requested medical records to be sent via email to Ciitizen on behalf of a patient, they instead sent us a stack of paper printouts in the mail.
As you can imagine, we escalated this request in every way possible.
We spoke with the privacy officer, the compliance director, and the health information management director, as well as with employees in the HIM (health information management/records) department on several occasions. Overall, it took one confirmation call, five HIM interactions (meaning phone conversations and/or emails), and two calls with privacy officers to convey our message: we want these records sent electronically.
And in the end we got them to agree to send the records electronically; not just for this particular instance, but for all requests moving forward! Not only did they agree to deliver the data digitally, they did so using technology that easily deposits the records into a portal for patient access—no downloading or emailing necessary! The agreement to use ongoing digital delivery, converting from paper to electronic records, marks one of the largest success stories yet for Ciitizen in our quest to help patients easily obtain their health data.
Large institutions have the resources they can devote to improving their operations, you may say. However, large institutions can sometimes be the hardest with respect to changing their entrenched policies and practices. With some prodding, this particular one did change; relatively quickly, all things considered. We think others—both large and small—can as well. It is our mission to improve the processes for all patients seeking their health information.