The HITECH request must be from the patient to the provider. If the client is requesting that their provider send the medical records to their attorney, the request has to be in writing and signed. The request may get denied if the provider believes that a lawyer sent it. When drafting the letter, make it simple—avoid legal jargon or citations.
Full Answer
Mar 12, 2019 · First, you can provide your clients with draft HITECH letters requesting that records be sent to the client, and advise clients to send the letters directly to their medical providers. This approach can be advantageous if you are vetting a potential client and would like some evidence that the client is willing and competent to diligently pursue his or her claim.
Oct 04, 2017 · HITECH does not apply when an attorney requests the patient’s medical records; When the request is in writing from the patient, the healthcare professional must comply with HITECH and its rules When the request is from any other source, HITECH does not apply, and the healthcare professional can charge under state law and its rules, including the previously …
The new way using HITECH Here’s the new way to request medical records: The client signs an authorization making you his or her personal representative and a letter to the medical provider asking for his records. The lawyer fills out the provider information and sends it. The medical provider saves the records to a CD and charges the HITECH rate.
Mar 28, 2018 · The procedure is simple. Your request must be in writing, signed by your client, and it must clearly identify the designated person requesting the records (you or your law firm) and where to send the records. 45 C.F.R. § 164.524(c)(3)(ii). You should also include your client’s name, address, and date of birth.
The HIPAA Privacy rule has always required covered entities (medical providers and their business associates) to treat an individual's personal representative as the individual with respect to their protected health information. 45 CFR § 164.502 (g).
Here’s how most lawyers request medical records: The lawyer sends a request to the medical provider with a HIPAA release. The medical provider prints out all the records and charges the statutory per page rate. The lawyer receives the paper records and dumps them into the physical file.
In May 2020, HHS published rule making in the Federal Register about the 21st Century Cures Act, a 2016 law that amended portions of the HITECH Act, which signaled that HHS still considered cheap and easy patient access to medical records a priority, but did not fix the problem created by Azar. But what’s old is new!
Heraclitus, the Greek philosopher, said change is the only constant in life. That’s very much true with the law concerning requesting a client’s medical records. Before this year, a client could request his medical records and have them sent to his lawyer and the request was subject to a fee limitation under HITECH.
RESPONSE: Where an individual requests an electronic copy of PHI that a covered entity maintains only on paper, the covered entity is required to provide the individual with an electronic copy if it is readily producible electronically (e.g., the covered entity can readily scan the paper record into an electronic format) and in the electronic format requested if readily producible in that format, or if not, in a readable alternative electronic format or hard copy format as agreed to by the covered entity and the individual. 45 CFR 164.524 (c) (2) (i). Please also see this guidance from HHS: https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html. I’ve attached screenshots of the pertinent parts:
The Cures Act prohibits "information blocking," which essentially are practices that limit the availability and use of electronic health information. The Act prohibits rent-seeking, opportunistic fees, and exclusionary practices that interfere with the access, exchange, and use of electronic health information. But 45 CFR 171.302 contains exceptions to the Act's fee limitations. This regulation says that a company cannot charge fees for the electronic access of an individual's electronic health information by the individual, their personal representative, or another person or entity designated by the individual--but only when the information is requested where no manual effort is required to fulfill the request. 45 CFR §§ 171.302 (b) (2) and (d). This means that when electronic health information is available through an API, or a patient portal, or a third-party app, companies can't charge the patient to access their own data. But it's no help for limiting the fees charged when we request medical records now. There is some very good language in the Federal Register about HHS's general thinking concerning patients having access to their own medical records, including: --"EHI should not be treated as a commodity that should be traded or sold. ONC takes this approach because we view patients as having an overwhelming interest in EHI about themselves, and because we understand that the true value of EHI can only be realized if it is available where and when it is needed, including providing electronic access to patients. Patients have already effectively paid for their health information, either directly or through their employers, health plans, and other entities that negotiate and purchase health care items and services on their behalf." 85 FR 25886 (May 1, 2020) --"We also emphasize that a majority of the EHI has been generated and recorded in the course of furnishing health care services paid with public dollars through Federal programs, including Medicare and Medicaid, or directly subsidized through the tax preferences for employer-based insurance. Yet, this EHI is not readily available when and were it is needed. We believe that the overwhelming benefits of publishing certified APIs that allow EHI from such technology to be accessed, exchanged, and used without special effort far outweigh the potential burden on [developers]." 85 FR 25761 (May 1, 2020).
RESPONSE: Under the HITECH Act, an “electronic health record” means “an electronic record of health-related information on an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff .” 42 U.S.C. § 17921 (5).