RT Journal Article SR Electronic T1 Health Care Provider Compliance with the HIPAA Right of Individual Access: a Scorecard and Survey (Revised) JF medRxiv FD Cold Spring Harbor Laboratory Press SP 19004291 DO 10.1101/19004291 A1 McGraw, Deven A1 Fitter, Nasha A1 Taylor, Lisa Belliveau YR 2019 UL http://medrxiv.org/content/early/2019/11/11/19004291.abstract AB Background Historically, patients have had difficulty obtaining copies of their medical records, notwithstanding the legal right to do so. In 2018, a study of 83 top hospitals found discrepancies between those hospitals’ published information and telephone survey responses regarding their processes for release of records to patients, indicating noncompliance with the HIPAA right of individual access.Objective Assess state of compliance with the HIPAA right of access across a broader range of health care providers and in the context of real records requests from patients.Methods Evaluate the degree of compliance with the HIPAA right of access 1) through telephone surveys of health care institutions regarding release of records to patients and 2) by scoring the responses of a total of 210 health care providers to actual patient record requests against the HIPAA right of access requirements. (51 of those providers were part of an initial cohort of 51 scored for an earlier version of this paper.)Results Based on the scores of responses of 210 health care providers to record requests and the responses of nearly 3000 healthcare institutions to telephone surveys, more than 50% of health care providers are out of compliance with the HIPAA right of access. The most common failure was refusal to send records to patient or patient’s designee in the form and format requested by the patient, with 86% of noncompliance due to this factor. The number of phone calls required to obtain records in compliance with HIPAA, and the lack of consistency in provider responses to actual requests, makes the records retrieval process a challenging one for patients.Conclusions Recent federal proposals prioritize patient access to medical records through certified electronic health record (EHR) technology, but access by patients to their complete clinical records via EHRs is years away. In the meantime, health care providers need to focus more attention on compliance with the HIPAA right of access, including better training of staff on HIPAA requirements. Greater enforcement of the law will help motivate providers to prioritize this issue.Competing Interest StatementAll authors receive compensation (either salaries or payments to independent contractors) from Ciitizen Corporation, which is a platform to enable patients (beginning with cancer patients) to collect, organize and share their medical records. There are no other competing interests to declare.Clinical Trialstudy is not a clinical trial - it is a study of compliance with law, so it is not human subjects research.Funding StatementAs noted above, all three authors are either employed by, or are independent contractors to, Ciitizen Corporation, which provided the sole funding support for this research. No external funding was received.Author DeclarationsAll relevant ethical guidelines have been followed and any necessary IRB and/or ethics committee approvals have been obtained.YesAll necessary patient/participant consent has been obtained and the appropriate institutional forms have been archived.YesAny clinical trials involved have been registered with an ICMJE-approved registry such as ClinicalTrials.gov and the trial ID is included in the manuscript.Not ApplicableI have followed all appropriate research reporting guidelines and uploaded the relevant Equator, ICMJE or other checklist(s) as supplementary files, if applicable.Not ApplicableThe url with supplemental data referred to in the manuscript will be available November 12, 2019. https://www.ciitizen.com/scorecard