Getting copies of your client’s medical records from their provider or hospital is a frustrating and time-consuming task. Being prepared for what is required can make you or your staff much more efficient. By understanding the issues below you can minimize any delays you are likely to have.
Medical records are subject to the confidentiality provisions of HIPAA. This means that even as an attorney or law firm, you will still need to provide you have the appropriate privilege to get copies of medical records. This often comes in the form of a Medical Records Release signed by your client (it may be advantageous to have the patient make a request using a medical records release – see #2 below), a subpoena, court order, or a similar document. Most providers require analog signatures (not Docusign or similar electronic signatures) on these release forms. Be sure your form is HIPAA compliant and includes specific time frames during which the records you are seeking occurred. The tighter your specificity the more likely you will get what you need.
Providers may be permitted to charge you or your client for these records. Depending upon which state your client resides in (or where his or her records are located) there may be limitations on what can be charged. Typically, if the request comes from your client it will be much cheaper than if it comes from you or your firm. HIPAA, HITECH, and the CURES Act limit charges if the request is made by the patient. HIPAA states that the lower of HIPAA’s limits or the state’s limits should prevail. If an attorney or a data collection firm makes the request as a “personal representative” of that patient, it appears that the request is protected by the fee limitations of the Act. However, be prepared for an argument about fees that may delay your obtaining records.
It often is faster, cheaper, and results in better quality documents if records are sent electronically. This avoids having a paper copy or fax that will likely need to be re-digitized. It also avoids expensive couriers and overnight fees. You can license a system that will enable you to send requests to a provider that facilitates the electronic return of the medical records to you. Systems like this are secure and HIPAA compliant. Avoid using email, DropBox, Adobe, Google Drive, or such other drive sharing system since most of these transfers are not HIPAA compliant. Even radiology or digital pathology slides can be sent electronically with the right system, avoiding costly overnight mail and problematic CDs.
Similar to the payment issue above, requests that come from your client are subject to limited durations according to the CURES Act. This usually means that delays will not be more than thirty days. Similarly, if the request is made by an attorney as a “personal representative” of a client, this request should get the same protection. However, don’t wait until the last minute to request medical records since often these limits are ignored, or sometimes the wrong information is sent requiring additional requests.
By having these four issues in mind when you attempt to gather records, you will be more prepared for what may occur and you may find this onerous process a bit more bearable.