Overdue Rule Changes Brings Clarity to Patient Requests

Feb 28, 2020 at 10:09 am by admin

Tim Greene explains the new rule regarding an individual\'s access to protected health information.

A January 2020 decision by the District Court of Columbia has invalidated a rule regarding an individual's access to protected health information (PHI). The rule vacated a 2016 directive that gave third parties a right to access individual's health records for a limited fee.

The ruling came in the case of Ciox Health, LLC vs. Azar, et al that allowed third parties to access medical records at the same cost as the patient. Tim Greene, Regional Manager and HIPAA Privacy Officer for Acton Corporation, a company that specializes in release of medical information, has followed this legislation and the modifications to the HIPAA privacy rules.

"When a request for medical records is sent in, it needs to be determined who is sending the request," Greene says. "Is it the patient submitting the request for records or is it an outside company? Once that is determined, different sets of laws apply regarding the charges."

When the law initially went into effect in 2013, there was confusion surrounding when the fee limitations should apply to patient-directed requests for medical records. Some attorneys used that loophole to exploit the limitations and filed complaints with the Department of Health and Human Services (HHS) when things didn't go their way.

"That changed in 2016 when HHS issued a clarification on the initial ruling," Greene says. "Instead of clarifying, the legislation was even more muddled and provided more loopholes for attorneys to jump through. Greene adds that when a request for medical records was sent under the 2016 rules, it had to be determined who was sending it - the patient or an outside company - because different sets of laws applied to the cost for copies of records. Attorneys and other third-party retrieval companies would disguise their request to appear as a patient-directed request to obtain the fee limitations intended for patients and treatment purposes.

"Ciox Health sued HHS and won, saying the fee limitations and the misuse of the law was detrimental to their business," Greene says. "So basically, all the third-party requests were getting fee limitations, and it was causing everyone confusion and costing money. If the third-parties didn't get what they wanted, they would file a complaint, and we had to smooth over relationships with all of our clients."

Greene points out that much of the confusion resulted from a third-party directive. "The ruling allowed patients to direct their request to a third party. If the patient said he wanted to send his record to an attorney, that was considered to be a patient-directed request and was entitled to the fee limitation. So, attorneys started using that circumstance to make requests appear to be a patient directive request going back to the attorney," he says. "Also, the attorneys and other third-party requesters gave office managers and administrators a hard time. They wanted to get discounted fees. The new ruling has given us more clarification in those instances, as the fee limitation will apply only to an individual's request for access to his or her own records and does not apply to an individual's request to transmit to a third party."

Physician's offices may see the most relief as a result of the new directive. "It is mainly about compliance for the doctors' offices. They were called and threatened by these attorneys if they didn't give them the fee limitations. Many of the lawyers filed complaints," Greene says. "All of that is behind those offices now. There are no more harassing attorneys trying to get medical records that they were not entitled to. All of that has been clarified for those physicians now."

Sections: Editorials