Are you one of the 2.7 million people that use a Fitbit wearable device to track your health goals? Then you are part of the new trend of consumerism in healthcare. With this trend and the growing number of apps using health data, online access to medical information through the web is becoming more common and patients are looking for more online engagement with their health providers.
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule provides individuals with a legal, enforceable right to see and receive copies upon request of the information in their medical and other health records maintained by their health care providers and health plans. Covered entities are required to share health information in a ”designated record set” with individuals upon request (except in rare circumstances).
This patient-centered health care approach puts patients in the “driver’s seat” by empowering them to be more in control of decisions regarding their health and well-being. Patients with access to their health information are better able to monitor chronic conditions, adhere to treatment plans, find and fix errors in their health records, track progress in wellness or disease management programs, and directly contribute their information to research.
But there are still concerns about the privacy and security of patient records. A survey from the Kaiser Family Foundation found that “more than half of respondents whose doctor uses an EHR said they were “very” or “somewhat” concerned an unauthorized person would access their personal health information.”
The HIPAA Security Rule requires web portals providing access being set up with appropriate authentication controls to ensure that the person seeking access is the individual or the individual’s personal representative. HIPAA does not cover many of the companies that collect health data from fitness trackers.
The Centers for Medicare & Medicaid Services (CMS) has just taken steps forward in patient data access and care coordination by finalizing its rule on discharge planning, calling on hospitals to empower patients with the information necessary to seamlessly transition from acute care to post-acute care (PAC). Providers are called to reiterate patient data access rights under the HIPAA Privacy Rule to empower patients in their own care and actively involve them in the care coordination process.
Patient access was among the top issues for the Office for Civil Rights (OCR) HIPAA investigations from 2015 through 2018. Just recently (OCR), settled its first case under its Right of Access Initiative. “A St. Petersburg, Florida-based trauma and tertiary care center, Bayfront Health St. Petersburg, paid $85,000 to OCR to settle claims it failed to provide a mother with timely access to her child’s prenatal health records, but it did not admit culpability. OCR will monitor Bayfront for one year to ensure ongoing compliance, and the hospital will undertake a corrective action plan.”
It will be years before seamless digital access by patients to all of their health information is a reality. It’s the government’s turn to continue pushing to remove barriers to patient access and find a balance of privacy protection and health data access. The need for new approaches is clear.
If you have questions about HIPAA regulations, let us know.