Who owns medical office records

Generally, the vendor owns the right to grant or deny access. This makes ownership a moot point, because if the doctor cannot access them to provide care, transfer the information to another provider, or to give the record to the patient a patient right under HIPAA then the records are essentially being held hostage, which is not permitted.

Even HIPAA provides that a doctor cannot withhold medical records pending payment for care—but these vendors can, and do. There are some common scenarios which complicate this even further; eg, doctors may pass away, or retire or leave the practice of medicine without notice. In each of these scenarios, there would be a problem immediately accessing EHRs without some kind of arrangement already in place. If the only way to validate an authorized user is through the doctor, and that doctor is unavailable, then there will be issues getting patients the care they need in a timely fashion.

And remember, the vendor has essentially no liability, per contract. In most cases, the vendors also state that they have no responsibility accommodate patient rights directly, and it is common practice for a business associate as defined under HIPAA to defer patient access requests back to the provider. Addressing these serious concerns will take either reasonable minds to work out common practice standards for EHRs or a tragic event where medical records are inaccessible, resulting in dire consequences.

It is not truly ownership that is the issue, so much as control. There are many interests here, all with valid legal considerations.

Each professional must document findings; entities must document care and billing; associated vendors must document their actions; and patients need the information available. In the end, a legal, ultimate source record must be kept; the fundamental question is, who has the keys to it? It should not be the EHR vendor with ultimate control, and, despite their protestations to the contrary, the contracts give the EHR vendors critical access control.

What You Can Do What can doctors do now, especially if they have little bargaining power? Read the contracts with the EHR vendors and negotiate using the law. Doctors should carefully read the contracts anyway. If doctors cannot withhold records from patients for lack of payment, then there must be a mechanism to ensure records are not withheld from doctors.

In the case of nonpayment, records are returned to the doctors in a readable format. In such cases, records could not be deposited with the trustee as that would violate privacy laws; however, the trustee could be notified of available options.

Code tit. Code Regs. Code Ann. Kansas Admin. Code R. It can be argued that practices should be allowed to charge something for providing this access.

Not only could gouging patients invite an OCR audit, it could also create bad publicity. Patients frequently request records when they switch physicians. In many cases, the charts include old problems that are no longer active and medications that patients no longer take. I get notes from urologists saying they counseled patients on smoking cessation or on their obesity. Aside from the utility of exchanging these kinds of records, there are also privacy issues that arise in health information exchanges HIEs designed to facilitate the movement of patient data between providers.

To protect privacy, some states require that patients grant permission for the use of their data in HIEs; other states mandate that they be given the opportunity to opt out. Not only is this approach too labor-intensive for providers, but it has led to varying interpretations of HIPAA obligations.

Nash favors having physicians export clinical data to a health data bank such as Microsoft HealthVault. Then patients could share their data with other providers, he says. With such a platform available, he says, patients could share information with other physicians, and consultants could share their reports with primary care doctors. This kind of approach would sidestep the concerns about patient privacy that have been an impediment to HIEs.

We want them to be savvy and to understand. Patient records: The struggle for ownership. December 10, Who owns the records? Next: Understanding the legalities Legal opinions on the matter differ as well. Next: Indentifiable data Identifiable data Record ownership at the practice level is not the only area of uncertainty.

Many states have their own laws regarding patient access to their medical records. Some are stronger than the federal rule. Providers must ensure that a copy of medical record is transmitted to the patient within 15 days from when the request was made.

In physician surveys, practitioners have often expressed concern that giving patients access to their records may do more harm than good, but a growing number of thought leaders in medicine now consider that an out-of-date, paternalistic view that is unsupported by research. In one published pilot project, the primary care physicians who participated all wanted to continue its use by the end of the experiment. This pilot also showed significantly improved patient satisfaction and education, and it also was thought to contribute significantly to improved patient safety.

This content was created by Everyday Health Media on behalf of an advertiser. More Information. Much of the Content on this page created or selected by the Everyday Health Media team is funded by an advertising sponsor. The content selected by the Everyday Health Media team conforms to its editorial standards for accuracy, objectivity, and balance.