Cancer patients must exercise their data-access rights. Hospitals must help.
Did a hospital clerk ever refuse your record request, “to protect your privacy under HIPAA?”
On the 4th of July, we celebrate the founders’ substitution of the rule of law for the rule of tyrants. Surprised me to learn that adherence to the rule of law is associated with better health outcomes, including longer life expectancy, in 96 countries and 91% of the world’s population.
But what good is the rule of law to cancer patients in rural Fort Scott Kansas? Since the Cancer Center of Kansas gave two weeks’ notice and closed the local cancer clinic, they have had to drive 50 to 63 miles to continue weekly chemotherapy. What good is the rule of law to patients who have been abandoned by the closing of more than 100 rural hospitals since 2010? How can patients prepare for the closing of Critical Access Hospitals in states that did not expand Medicaid eligibility for low-income adults and do not reimburse providers for the care of uninsured patients?
Everyone has heard about the Health Insurance Portability and Accountability Act of 1996 (HIPAA) but few patients realize it gives them a legal, enforceable right to request records maintained by their health care providers and health plans including medical records; billing and payment records; insurance information; clinical laboratory test results; medical images, such as X-rays; wellness and disease management program files; and clinical case notes.
Once a hospital closes it is too late for cancer patients to retrieve records that they need to avoid future medical errors, overexposure to x-rays, and costly repetition of radiology images.
HIPAA requires its covered entities–hospitals, medical clinics, physician practices, pharmacies, and health insurers–to fulfill patients’ record requests, usually within 30 days, at a reasonable cost and in the format that patients request (e.g., paper copy, fax, electronic copy or CD). Even so, a 2018 Yale University study found that 83 leading hospitals made it costly and difficult for patients to get their records due to ignorance of the law and patients’ legal data-access rights.
But wait! There’s more! The Centers for Medicare & Medicaid Services (CMS) maintains a searchable directory including the National Provider Identifier (NPI) numbers and sometimes the fax numbers of hospitals and other HIPAA-covered entities. By 2020, when its proposed Interoperability and Patient Access Rule takes effect, hospitals must update their NPI listings to include electronic endpoints (such as Direct email addresses and FHIR URLs).
By 2020, any hospital, from low- to high-tech, can afford to comply with the CMS Patient Access Rule, helping patients exercise their data-access rights while preparing for unexpected business transitions.
Get in touch about turning the lemon of regulations into lemonade for cancer patients and rural hospitals.