Ciitizen HIPAA Right of Access Study Shows Substantial Improvement in Compliance

Healthcare providers’ compliance with the HIPAA Right of Access has significantly improved, according to the most recent Ciitizen’s Patient Record Scorecard Report.

To make the report, Ciitizen performed a study involving 820 healthcare providers to evaluate each one’s response to the request of patients to get copies of their healthcare data. A wide selection of healthcare providers was assessed for the study including single physician practices and large integrated healthcare delivery systems.

Under the HIPAA Privacy Rule, patients have the right to access a copy of their healthcare data from their providers. The request should be sent in writing. The healthcare provider should provide the patient with a copy of the health data in a specified record set within 30 days from the submission of the request. The data should be made available in the format the patient requested if the PHI can be readily produced in that format. If it is not possible to provide the data in the requested format, the provider must give the patient the healthcare data in print or in an alternative format agreed to by the patient.

For the study, Ciitizen users sent requests for copies of their healthcare data to the healthcare providers. The provider then gets a rating from 1-5 according to their response. A 1-star score represents a non-HIPAA-compliant response. 2-stars are awarded if requests are sooner or later settled satisfactorily, however it took multiple escalations to supervisors. A 3-star rating is awarded when the request is fulfilled with minimal intervention, and a 4-star rating is provided to providers that are completely compliant and gave a seamless response. A 5-star rating is given for providers with a patient-focused procedure who surpass the requirements of HIPAA.

Previous studies revealed that most providers (51%) do not comply with the HIPAA Right of Access. The most recent study saw an improvement of 27%. The percentage of healthcare providers awarded 4-star ratings increased from 40% to 67% and the percentage of healthcare providers awarded 5-star scores increased from 20% to 28%.

Further good news from this year’s study showed that only 6% of the 820 healthcare providers charged patients reasonable fees for producing the records.

In earlier studies, a lot of healthcare providers required patients to sign a standard form, however this year, the majority of providers accepted any kind of written request and did not ask patients to fill up a specific form before processing the request.

The current study had a significant increase in assessments, which may partly be due to the improvements in compliance. There were 51 providers assessed for the Patient Record Scorecard report for the first time, 210 providers for the second time, and 820 for the third time. Ciitizen notes that the percent of non-compliant providers in those studies did correlate with a separate study performed on 3,000 providers, , which indicates that the improvements made are real.

Ciitizen attributes the better compliance rates to three primary factors:

  1. More focus has been placed on the right of people to get copies of their healthcare information following the HHS’ Centers for Medicare and Medicaid Services and the HHS’ Office of the National Coordinator for Health IT published new rules, making it less difficult for patients to request copies of their healthcare information.
  2. There is a positive impact on the release of information (ROI) vendors who process the patient data requests on behalf of covered entities so that they comply with the HIPAA Right of Access.
  3. The HHS’ Office for Civil Rights started a HIPAA Right of Access enforcement effort a year ago. Since then, two covered entities were issued penalties of $85,000 for failing to comply.

It is also probably because the Ciitizen set up a website that displays the scores of each provider encouraging healthcare providers to follow this vital aspect of HIPAA.