Patient Right of Access Report Card

See which hospitals comply with Patient Right of Access to health information. The below grades have been awarded on our experience with requesting health records on behalf of ciitizens.

 
 
 HOSPITAL NAME STATE RATING
Stanford Health Care CA
Kaiser Permanente CA
UCSF Medical Center CA
Antioch Medical Center CA
Oakland Medical Center CA
San Leandro Medical Center CA
Palo Alto Medical Center CA
Valley Medical Center CA
*Loyola University Medical Center IL
*Holy Cross Hospital MD
*Kenmore Mercy Hospital NY
*Mount Carmel West OH
*CHI Memorial Hospital, Chattanooga TN
*Salem Hospital OR
 

 
1.png
 

Fail, Burdening patients

One star grade is given to providers who are not complying with the two most basic individual rights under HIPAA:

  1. Provider sends records electronically via email or designee encrypted portal [45 CFR §164.524(c)(2)(ii)]

  2. Provider sends records within 30 days [45 CFR 164.524(b)(2)(I)]

2star.png
 

Barely Trying

Two star grade given to providers who are only fulfilling two basic individual rights under HIPAA. Only complying with these individual rights under HIPAA puts obstacles in the way for patients as they seek their medical records.

  1. Provider sends records electronically via email or designee encrypted portal [45 CFR §164.524(c)(2)(ii)]

  2. Provider sends records within 30 days [45 CFR 164.524(b)(2)(I)]

 
 
3star.png
 

Good, Doing the Basics

Three star grade given to providers who are fulfilling all the below guidelines under HIPAA. By complying with these stated measures, providers are properly following guidelines created by HIPAA to make it efficient for patients to obtain their medical records.

  1. Provider sends records electronically via email or designee encrypted portal [45 CFR §164.524(c)(2)(ii)]

  2. Provider sends records within 30 days [45 CFR 164.524(b)(2)(I)]

  3. Provider accepts signed electronic form by email or fax [42 USC §17935(e)]

  4. Provider sends all records in "designated record set" [45 CFR 164.501]

  5. Provider does not ask designee or patient to pay unreasonable fees without justification or any fee above $6.50 without any justification [42 USC §17935(e) and 45 CFR 164.524(c)(4)]

  6. Provider sends records to patients’ designee - [45 CFR 164.524(c)(3)(ii)]

4star.png
 

Going above and beyond to put patients first!!

Four star grade given to providers who are not only following all the HIPAA guidelines needed to receive a “B” grade, but going above and beyond to put patients first. These are organizations who realize the urgency patients have in needing their medical records to obtain crucial second opinions, find clinical trials, seek continuation of care, and many other patient needs.

  1. Provider sends records within 5 days

  2. Provider accepts legally compliant form (does not ask patients to fill hospital specific PHI form)

  3. If size of email larger than 20 MB, provider sends records via designee encrypted portal versus CD

  4. HIMS department is properly trained on HIPAA requirements and request does not need to be escalated to Privacy Officer