skip to Main Content
Traversing The Path To Patient Data Access

Traversing the Path to Patient Data Access

One patient’s experience & the outlets emerging to help
Cross posted from Billian’s HealthData 

Editor’s Note: Excerpted from original post.  Loran outlines the array of challenges she experienced as a patient and a caregiver trying to obtain medical records for herself and her children.  She hopes sharing her Tracer experience will help improve the process for others.

Before I dive into each attempt, I should note that in Georgia, it is legal to charge patients by the page for their records, even if delivered electronically. It isn’t the first time I’ve asked a provider for something, not knowing how much it was going to cost until after it was delivered (with a strict no-refund policy), so that in and of itself was stressful. The stress turned out to be unmerited, because providers never even got that far…

Primary Care
No records or portal were available at the time of my first request (circa October 2013). Granted, their health care system was in the throes of an EHR vendor transition, but after a year, my insurance company dropped them from my network. Had my records been shared with me, I would have been more likely to be loyal, as I did like my doctor and more frequently seen nurse practitioner. I found a new physician in my network (who I found on Yelp, thank you very much) that has an online portal, which I was set up on within 24 hours of my first visit, and I had a detailed response within one business day of my lab results and suggested prevention strategy. A downloadable PHR is available through their eClinicalWorks portal, but generated an error and an empty .jsp file. I’ve since gone for a follow-up, which strangely notified me of my visit the day afterward, but it took a full week to get the same lab results posted. Generating the downloadable PHR is still unsuccessful, but I was told that their contractor would be informed.

No portal. I requested emailed records and was told they could not deliver because of HIPAA. They did offer to fax via email, though I struggle to understand how that is more secure than a direct email exchange. After some pressure, I was told that they are “attending a conference in August to see about setting up a patient portal.” We recently had to visit a partner office on a Saturday, who shared billing but not clinical data with our pediatrician’s practice. I was asked if my daughter was allergic to any drops. I remembered an allergic reaction in infancy to an antibiotic eye drop, but was not sure if it was her or her younger sister who had the reaction and certainly did not recall the name of the medication. I asked if they could contact the nurse or doctor on call and have them look it up to confirm, as we were going out of town and did not want to deal with an allergic reaction on vacation. I was told that they would not have access to the EHR at home, so I suggested calling the pharmacy, who informed us they did not have any allergic reactions on her file. Had I been given her records, I would know.

I recently had an x-ray done on my foot at a facility where a sparsely populated GreenWay patient portal was set up, through which I requested copies of my imaging. I was called one week later and told that I would have to come in to the office and fill out a form. I asked if I could submit this digitally, and was told that I could go to the website and download the form. I had been to the practice’s website before and complimented them on the thoroughness of their site. I then inquired how to navigate to the form, since I remember the site being very heavily detailed. The woman on the phone apologized and said she did not know, as she had never used their website. I then inquired about the imaging delivery process, assuming that if I can locate and email the form, they could email the images, right? Wrong. They said they could mail them to an address, or I could pick up the printed copies.

In each case, the fact that I had a secure, identity-verified, direct address meant nothing to whomever I spoke to. On more than one occasion, I asked to speak to a supervisor, only to find an individual even more steeled in their resolve to not give me what I was requesting. From a patient perspective, this can be intimidating. Especially if a chronic patient knows they will have to continue to deal with the front office as well as the doctor on an ongoing basis, it can be difficult to stand your ground. I find myself often wishing there were just machine kiosks to check in/process paperwork, rather than another apathetic individual spoke in the wheel of the healthcare system.

Using regulatory reference as a stop gap is usually enough to get a pesky patient off the front office’s to-do list, and I’ve found it utilized with frequency in managing my long-term disabled father’s care, so I wasn’t surprised when HIPAA was invoked to bar access to my own records. Interestingly, the largest fine levied under HIPAA to date against a single entity was for failure to provide medical records. CIGNET Health in Maryland was fined $4.3 million for failing to provide patients their records and cooperate with the Department of Health and Human Services’ investigation in 2011. As a patient, communicating this fact may help, but submitting a written request, backed by the participation of fellow patients and empowered with a feedback loop for industry and regulators alike to act upon seems like a much more expedient approach.

Enter, a campaign dedicated to communicating the why, how, and what to request, as well as the rights you have as a patient under today’s laws. Among the “How to request data” help section, the site suggests using BlueBlutton, Patient Portals, or, if your provider has neither, there is now Vocatus, an open source initiative led by Code for America to streamline the patient access request process. For patients trying to aggregate their data from multiple providers, this approach has the potential to save a considerable amount of time and effort. The web form simply takes the patient’s name, the provider’s name, and format preferences, and submits a written request via fax to the provider, enumerating the legal requirements and contact information of the patient. Users are given the option to participate in a follow-up study to gather data on the timeline and format in which their request was met, with the intention of using this data to support regulatory efforts in the future.

The main takeaway I got from Cinderblocks is that obtaining open, accessible health records is a complex, multi-faceted problem and it will require quite a bit of educating and marketing to help consumers and patients see the value in having access to their own records and to encourage them to demand it.


Back To Top