Wanna know the secret to avoiding patient complaints? Well, until we figure out the trick to making everyone happy (which is next to impossible) we can at least fill you in on the next best thing – how to avoid one of the main causes of patient complaints – improper patient record access. 

You might be thinking, how can providing patients access to something that’s already theirs be that hard? Yet more than half of practices still fail to comply with patient access laws, opening themselves up to complaints and ultimately HIPAA fines. In fact, the Office for Civil Rights (OCR) just recently announced the 12th settlement in their right of access enforcement initiative, further emphasizing the importance of providing proper access. 

The Boring Stuff: What is the Right of Access law?

The HIPAA Patient Right of Access law was created to provide patients with a level of ownership over their own medical records. This means that patients are able to: 

• Ask to see or receive a copy of their medical records in either paper or electronic form 
• Ask to change any incorrect information within their medical records or add information if they feel something is incomplete
• Request that certain information is not shared with specific parties

What information can be provided to a patient?

Does this mean that your practice has to go and round up every single one of Sally Smiths’ records when she asks for it? Not necessarily – when a patient asks for access to their records there is specific information that you are legally expected to provide which is referred to as the “designated record set” and includes:  

• Medical and billing records about individuals maintained by or for a healthcare provider 
• Enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan
• Other records that are used by or for the practice to make decisions about their patient’s health 

RELATED: Your Patient Requested Access to their Medical Records, Now What? 

Ok, so…what information shouldn’t be provided?

Now before you go and slap a postage stamp (or hit send on that encrypted email) with the entire patient file, there is some information that can be left out of the designated record set. Any information that does not pertain to decisions made about the patient’s health directly does not have to be provided to patients such as:

• Management records that are used for a practice’s business decisions only
• Psychotherapy notes are the personal notes of a mental health care provider that document the contents of a counseling session and are kept separately from the rest of the patient’s medical records (even when these are requested, all other records should still be provided – or you can still get hit with a HIPAA fine)
• Information compiled to be used in a civil, criminal, or administrative action or proceeding 

There’s a host of other requirements when providing patient records, and knowing what policies the Right of Access law includes is important to avoiding patient complaints about record requests. Unless you’re a professional people-pleaser, dealing with patient complaints is inevitable – but with HIPAA right of access enforcement continuing to ramp up, it’s an important topic to keep your practice up to speed on.