HIPAA- A Barrier Between You & Your Medical Records?

Back in 1996, when the Health Insurance and Portability and Accountability Act (HIPAA) was signed into law, the intention of the law (especially Title IV) was to protect a patient's right to privacy, reduce fraudulent activity, streamline data systems and improve the health insurance system overall.

For years prior to the law's passage, there was no federal standard for obtaining your medical records. Without the patient's knowledge, records were being given to insurance companies, sent to landfills or just flat-out lost. Alerted by highly publicized lapses in medical record confidentiality (a garbage truck crash that sent medical records flying all over the highways, a doctor selling a computer without deleting patient information from the hard drive, and the list went on and on), lawmakers decided a better system was needed. So the whole theory behind HIPAA regs are that your medical records are just that, yours, and they cannot be given to anyone without your approved consent. Furthermore, you should be able to access your own medical records, or appoint a designee to get them for you.

After much protest from health organizations over steep fines for non-compliance, confusing new rules and the high cost of getting an office HIPAA compliant; the law was turned on its head. Today, its patients, not the insurance companies or providers that are having a hard time obtaining medical records.

What started out as an altruistic bill aimed at improving the health care system for patients, has become the ultimate Big Medicine delay tactic. Now they feel they are the gatekeepers between you and your medical records, and getting through may not be as easy as you'd think. Just ask the people in this USA Today article.

They know all too well the sneaky methods employed by hospitals to keep you from finding out what really went on during your hospital stay, sometimes by what experts refer to as “wrecking” medical records. This process is when hospital staffers knowingly try to obscure the records by darkening, lightening, shrinking or distorting the photocopies or adding White Out to the parts of the records they wish to keep hidden. Records are also selectively chosen, and most hospitals give a “summary” of key events. Full records (especially the incriminating ones) often go unrevealed forever, or at least until well after the medical malpractice statue expires. Convenient, huh?

So what's a patient supposed to do? First thing you have to know- you have recourse. Although a lot of things have changed about HIPAA, one thing hasn't- steep fines for non-compliance. If you or a loved one is having difficulty obtaining medical records, arm yourself with knowledge. This aspect of HIPAA is monitored by the Health & Human Services' Office of Civil Rights (you can find your local branch here). These are the guys that you need to bring your concerns to, and they will assist with filing a complaint. Once you bring it the OCR's attention, it will be investigated, and appropriate action will be taken.

Remember, hospitals have 30 days to provide you with records that they house on-site, 60 days for those housed off-site, and if they cannot get them to you in that time frame, they need to notify you. Don't let them push you around, especially if you have time restrictions such as a running statute of limitations.

If all else fails, call the Department of Health. Although no private civil action can be brought against the hospitals for non-compliance, there are plenty of rules targeted at keeping them in line.

Want to play it safe? Make the effort to periodically collect your records with each doctor and pharmacy that you use. You will have to pay for the records, but having them at your disposal might just prove to be beneficial.