Inside Track: Need Medical Records for Your Case? Get Them Quicker, at Lower Rates:

State Bar of Wisconsin

Sign In

Top Link Bar

  • InsideTrackInsideTrack

News & Pubs Search

-
Format: MM/DD/YYYY
  • Need Medical Records for Your Case? Get Them Quicker, at Lower Rates

    Under the federal HITECH Act, individuals have a right to obtain personal health information. In this article, attorney James Scoptur explains how the law also allows attorneys to obtain their clients’ records at lower rates, and more quickly.

    James P. Scoptur

    Share This:

    stethescope and tabletOct. 21, 2015 – The costs associated with files are on the rise, especially if you practice personal injury or another area of law where you need to obtain medical records and billing information for your clients or potential clients.

    However, the Health Information Technology for Economic and Clinical Health Act (HITECH Act) can substantially reduce costs for obtaining medical records and bills. The HITECH Act encompasses a lot of different areas dealing with healthcare providers and health information technology.

    This article highlights important areas of the HITECH Act that can help attorneys access a client’s medical records and bills at a substantially lower rate, or even for free, as opposed to statutory rates under Wisconsin law.

    Purpose of the HITECH Act

    The HITECH Act was signed into law on Feb. 17, 2009. The purpose of the Act is to promote the adoption and meaningful use of health information technology in healthcare.1 Part of the American Recovery and Reinvestment Act of 2009, the HITECH Act includes incentives for healthcare providers to accelerate the adoption of electronic health record (EHR) systems among providers.

    James P. ScopturJames P. Scoptur (Marquette 2010) is an attorney at Aiken & Scoptur, S.C., Milwaukee, focusing on civil litigation. Reach him by email or by phone at (414) 225-0260.

    The law anticipated that incentives for healthcare providers would lead to a massive expansion in the exchange of electronically protected health information (ePHI), so the Act contains provisions that widen the scope of privacy and security protections available under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

    Importantly, the HITECH Act gives the government more bite in its ability to prosecute healthcare providers (“covered entities”) who violate the Act.

    A “covered entity” includes healthcare providers, health plans, health clearinghouses, and business associates.2 “Business associates” includes anyone who creates, receives, maintains, or transmits protected health information (PHI) governed by HIPAA, or provides claims processing, data administration, or billing, or any subcontractor who conducts these functions for a business associate, which could include record copying service providers, software vendors, and third party billing companies.3

    The Office of Civil Rights (OCR) of the Department of Health and Human Services (DHHS) can investigate complaints and levy fines for violations of the Act.4 If a healthcare provider is found to have “willfully neglected” a provision or provisions of the Act, the OCR will impose mandatory fines of up to $250,000 and up to $1.5 million for repeat or uncorrected violations.5

    Obviously, if you are having trouble getting medical records and bills under the Act, the threat of, or a complaint to, the OCR can be a powerful tool. 

    Health Record Access

    Under the HITECH Act, an individual has a right to obtain their personal health information.6 Under the Act, a personal representative, if a patient is deceased or the representative under applicable law is the person who has the authority to act for the individual, is to be treated “as the individual” for purposes of making a records request for protected health information.7

    Protected health information means all information (e.g., records, bills, graphs) that is: 1) transmitted in electronic media; 2) maintained in electronic media; or 3) transmitted or maintained in any other form or medium.8 This is an incredibly broad and incredibly powerful definition at your disposal.

    The Act includes language that the individual making the request for personal health information can designate a third party to receive the information9 – i.e., an attorney. The Act only applies to first-party requests. A third-party request would still incur the fees under Wisconsin statutes.

    Significantly, aside from some exceptions,10 a covered entity must act on the request no later than 30 days from the receipt of the request11 by: 1) providing the requested information;12 or 2) providing the individual with written denial of the information.13

    If the covered entity is unable to either provide the requested information or provide a written denial no later than 30 days from receipt of the request, then the covered entity can extend the time by no more than 30 days,14 provided that: 1) within the time limit in (b)(2)(i), provides the individual with a written statement of the reasons for the delay and the date by which the covered entity will complete its action on the request; and 2) the covered entity may have only one such extension of time.15

    The personal health information requested by an individual must be provided in the form requested by the individual, including in a readable electronic form if the covered entity uses electronic health records.16 This could be a Portable Document Format (PDF), or as commented by DHHS, via unencrypted email if the individual is warned of the security risk associated with unencrypted email.17

    This applies to all protected health information that is “maintained in one or more designated records sets electronically.”18 Further, DHHS has stated that any “images or other data that is linked to the designated record set must also be included in the electronic copy provided to the individual.”19

    Fees

    Perhaps most important for an attorney, and possibly the client in the end, are the fees associated with requesting medical records and bills. The fees should be reasonable and cost-based.20 It is possible that what is “reasonable” and “cost-based” could be determined on a case-by-case basis if there is a dispute.21 Importantly though, the Act preempts state law.22

    Under the Act, any fee that the covered entity may impose for providing an individual with a copy of electronic personal information shall not be greater than the entity’s labor costs in responding to the request for the copy.23

    An entity’s labor costs for providing electronic records can only include: 1) labor for copying, whether in paper or electronic form; 2) supplies for creating the paper copy or electronic media; 3) postage if the individual has requested the information be mailed; and 4) if an individual has requested or agreed to an explanation or summary, the costs associated with preparing an explanation or summary of the PHI.24

    Oddly, 42 U.S.C. § 17935(e)(2) dealing with fees under the Act only mentions requests for “an electronic form,” while 45 CFR § 164.524(c)(4)(i-iv), as mentioned above, discusses both paper and electronic records to be provided to an individual.

    It is this author’s belief that it is immaterial whether paper copies or electronic copies are requested under the Act, as the individual is able to choose the method of production of PHI under the Act,25 and the regulations state it can be in paper or electronic form.26

    Conclusion

    The HITECH Act is a powerful tool to use when requesting an individual’s medical records and bills. It directs covered entities to provide the requested information within a short amount of time and at a reasonable, cost-based fee, or deal with mandatory fees from the OCR for noncompliance.

    The Act allows attorneys to obtain much-needed information more quickly and at a much lower cost than the state rate. Expect push back from covered entities and their business associates who want more money or are ignorant of the law. But a simple letter laying it out to the entity will likely deliver the intended result.

    Endnotes

    1 See generally HITECH ACT, 42 U.S.C. § 300jj-11.

    2 45 CFR § 160.103.

    3 Id.

    4 See generally 42 U.S.C. 1320d-5.

    5 Id.

    6 45 CFR § 164.524(a)(1).

    7 45 CFR § 164.502(g)(1), (2); 45 CFR § 164.502(g)(4).

    8 45 CFR § 160.103.

    9 42 U.S.C. § 17935(e)(1).

    10 See 45 CFR 164.524(a)(2)(i-v).

    11 45 CFR § 164.524(b)(2)(i).

    12 45 CFR § 164.524(b)(2)(i)(A).

    13 45 CFR § 164.524(b)(2)(i)(B).

    14 45 CFR § 164.524(b)(2)(ii).

    15 45 CFR § 164.524(b)(2)(ii)(A), (B).

    16 45 CFR § 164.524(c)(2)(i), (ii); 42 U.S.C. § 17935(e)(1), (2).

    17 78 Fed. Reg. 5636, at 5634 (Jan. 25, 2013).

    18 45 CFR § 164.52(c)(2)(ii).

    19 78 Fed. Reg. 5636, at 5633 (Jan. 25, 2013).

    20 45 CFR § 164.524(c)(4).

    21 See 78 Fed. Reg. 5636 (Jan. 25, 2013).

    22 45 CFR § 160.203; 45 CFR § 160.202.

    23 42 U.S.C. § 17935(e)(2).

    24 45 CFR § 164.524(c)(4)(i-iv).

    25 45 CFR § 164.524(a)(1).

    26 45 CFR § 164.524(c)(4)(i-iv).




Server Name