AHIMA Patient Request for Health Information Form Gives Healthcare Providers Model for HIPAA Compliance
AHIMA’s patient access form aligns with recent ONC recommendations and ensures provider compliance with patients’ “individual right of access” to their personal health information
The American Health Information Management Association (AHIMA) (@AHIMAResources) announced a first-of-its kind standardized model Patient Request for Health Information form to help healthcare providers streamline patient health information request processes and ensure they are compliant with the Office for Civil Rights’ (OCR) guidance on an individual’s right of access under the Health Insurance Portability and Accountability Act (HIPAA).
The suggested model patient access form is intended to be used as a template—to be modified with organizational specific contact information—and given to patients or their designated personal representative when they’ve requested access to their health records.
AHIMA developed the form after hearing from several healthcare and patient advocacy working groups that consumers are often confused by the inconsistency of patient access forms given to them by their healthcare providers. The form and AHIMA recommendations also align with a recent Office of the National Coordinator for Health Information Technology (ONC) report recommending a streamlined and more transparent patient records request process to reduce the burden on consumers. AHIMA members also asked for additional guidance of patients’ right of access under HIPAA.
“Many patients may not understand their rights to access their personal health information including that they can request to receive information in a format of their choosing, such as on a jump drive or through email. There also remains some confusion by healthcare professionals regarding their responsibility to provide patients with easy access to their records,” said AHIMA interim CEO Pamela Lane, MS, RHIA. “Written in easy-to-understand language for all patients, this model form and explanation of use provides healthcare providers with a customizable tool that both ensures their compliance and captures patient request information in a clear, simple format.”
The OCR interpretive guidance released in January 2016, titled, “Individuals’ Right under HIPAA to Access their Health Information 45 CFR § 164.524,” outlines the patient’s right to obtain their personal health information and clarifies the responsibilities of healthcare providers to comply with the HIPAA privacy rule. The updated guidance addressed the patient’s right to inspect and/or obtain a copy of their health records and to have a copy of their records sent or directed to an individual of their choosing.
The AHIMA model form is exclusively for access to personal health information by the patient or their designated personal representative and assists healthcare organizations by providing a standard request form with options for how patients want to receive their records. This standardization will help streamline the patient request process to help healthcare organizations meet the 30-day timeframe for patient access required under HIPAA. The model form does not replace a third-party authorization form or address specific state laws.
“AHIMA is committed to promoting and advocating for best practices in health information and to ensuring patients have access to trusted health information. This model form is a useful example for both large healthcare organizations and individual physicians’ practices by providing needed clarity on their obligations,” Lane said. “Our hope is that it will help connect patients with their health information and make them more empowered healthcare consumers.”
Recommendations on how to use the form and details for compliance, including links to the OCR guidelines, are included with the model form.
Recommendations for using the Patient Request for Health Information model form include:
- Organizations should edit the form based on system capabilities as well as operational needs.
- Organizations should read and understand the OCR guidance, 45 CFR 164.524(c)(3), to ensure compliance.
- Organizations are not precluded from developing their own internal policies that comply with the OCR guidance as long as they do not create barriers to patient access. For example, if a patient requests health information to be transmitted through unsecured email, the provider should comply.
- Logo, barcode, and address may be added at the organization’s discretion.
- OCR guidance and state laws should be consulted when developing an organization’s fee structure.
For more information and to download a copy of the form visit the AHIMA website.
The American Health Information Management Association (AHIMA) represents more than 103,000 health information professionals in the United States and around the world. AHIMA is committed to promoting and advocating for high quality research, best practices and effective standards in health information and to actively contributing to the development and advancement of health information professionals worldwide. AHIMA is advancing informatics, data analytics, and information governance to achieve the goal of providing expertise to ensure trusted information for healthcare.