Under HIPAA, patients are granted the right to access their medical data, but some find this data hard to access, confusing to interpret or harmful to the patient-physician relationship.
In fact, this right to access has sparked a recent debate in the healthcare arena as to why patients would even want to see their data, which can be thousands of pages long, or if they even should have full access.
According to the law, patients can request to view or get a copy of their health records from covered entities, which include health plans, most healthcare providers and healthcare clearinghouses. Patients can also ask to have corrections made to their health information and find out who has seen their records since providers may share patient data with insurers or other physicians.
To access their complete medical data file, patients must put in a formal request and pay costs of copying and mailing. Then, providers have 30 days to comply. The 21st Century Cures Act takes this a step further and requires the EHR to be translated into patient-friendly language, which some — like Epic CEO Judy Faulkner — allege creates a barrier to getting the medical record to the patient.
Although patients can legally access their data, a recent ONC report found many aren't, citing confusing patient portals with incomplete or missing information.
Some hospital executives say the specific wording physicians use in patient chart notes may jeopardize the patient-physician relationship, or, in the case of mental health, the notes may be too sensitive to share with a patient.
So, the question remains: Should patients have full rights to their medical data? Becker's Hospital Review asked five health industry executives for their opinions on this issue.
Note: Responses have been lightly edited for length and clarity.
Daryl Kallevig, CIO of Aitkin, Minn.-based Riverwood Healthcare Center. "The patient really owns their medical record. We are just the custodians of it. Physicians and clinicians document in notes things they would hope patients may never see — [like] mental health patients or a drug-seeking patient that comes into our emergency room. Providing a patient with a [censored] medical record is something that needs to be done from a patient safety perspective. [Another] perspective I think [is important] is the relationship between the patient and physician. If they've had an ongoing relationship for a number of years, would that patient or that physician want to see that compromised by a statement in a medical note?
There has to be discretion in what is released to the patient. If it is perceived it can harm the patient in any fashion, it shouldn't be released — whether that harm is emotional, psychological or whatever."
Thomas Pappas, executive vice president of business strategies at The Center for Neurological and Neurodevelopmental Health and former CEO of Minnetonka, Minn.-based UnitedHealthcare's Pennsylvania branch. "I come from the health insurance side of things. The patient owns the data — ownership is fundamental. Access to data is where the problem comes in. The hospital and/or the doctor are the custodians of the data. There's ownership, there's the custodian, and then there's where the data resides. Epic and Cerner, who handle electronic health data systems, are not prone to releasing data because they know how critically important it is."
Keith Safian, CEO of Safian and Co. and former president and CEO of Sleepy Hollow, N.Y.-based Phelps Hospital. "An EHR company is a 'carrier' and has no rights to any content, much like a radio station does not own a song they play on air. The hospital or physician practice and its staff create the data, store the data, are required by law to protect that data, so in that vein, the hospital/physician owns it.
Patients should have unlimited access to their data, but since they did not create it and are not responsible for maintaining it, they do not own it. For example, if a patient owned it, he or she could demand a hospital or practice destroy 'his or her' medical record, which a hospital cannot do for many reasons."
Grant Geiger, CEO, New York City-based EIR Healthcare. "The patient owns their data, but the physician office and facility owns the record. These tenets have been in place for decades. However, as we embrace a digital world and 94 percent of all hospitals now use [a] certified EHR, this equation is shifting. And tomorrow, as we [look] beyond the EHR and we think about the adoption of [internet of things] functionality in hospitals, we all need a fresh look at this relationship.
With the introduction of IOT and passive monitoring of patients, we need new guidelines and regulations in place for the future of healthcare. We are going to collect more data from patients in the next five years than we have in the past 10. The patient should always own their data, but it's no longer going to be on a piece of paper and we need to start thinking that way."
Mike Kijewski, CEO and co-founder, Encinitas, Calif.-based MedCrypt. "Patient healthcare data should be accessible and transportable by patients, providers and payers alike — they all have a role in 'owning' patient data. Patients can't be as engaged if they don't have access to their healthcare data and records. A healthcare free market would allow patients to choose providers who use software systems that make their healthcare records accessible. However, patients are not easily able to choose their healthcare provider based on the [EHR] the provider uses, especially when two [EHR] vendors together have [roughly] 50 percent market share today.
The federal government allows citizens to access data via [Freedom of Information Act] requests. Banks make customers' transaction records available to them. Healthcare IT companies need to give patients access to their own healthcare data."