When you own or manage a medical facility, you are considered a covered entity, and there may come a time when a patient or a representative for that patient requests a copy of their medical records. There are rules to follow to avoid receiving medical record penalties. Even if the patient owes money to the medical facility, it is still obligated to oblige within a certain amount of time.
According to the Health Insurance Portability and Accountability Act (HIPAA), “The HIPAA Privacy Rule grants patients or their personal representatives the right to receive, inspect and review their health information, including medical and bill records, on demand.” The covered entity then has 30 days to get the records to the patient or their representative to avoid medical record penalties. If 30 days is not long enough, the patient or their representative must be provided an explanation from the covered entity within the 30-day time-frame, and the patient then must be granted access to their medical record within that full 60 day period. Some fees are allowed to be imposed from the covered entity to produce copies of the medical records, but there are also limits to those fees.
- Labor – This includes the time it takes to produce the hard or electronic copy of the records, and this can be imposed as an added fee but does not include the time it took to create or retrieve the patient information, only the time it took to print and deliver the entire document. The provider is NOT permitted to charge an added labor cost-per-page unless the medical record is:
- Maintained in paper form only
- The patient requests a paper copy or requests that the paper copy is scanned into an electronic format.
- Per HIPAA rules, a per-page fee is not permissible for medical records that are maintained electronically.
- Supplies – This includes the ink and toner used to make the copies which can be added as a fee. If the document is being delivered as a CD or USB, that can also be applied as a fee. If a CD or USB is used, it cannot be provided to the covered entity by the patient.
- Postage – This is the last billable item and can only be imposed as a fee if the patient requests their records be mailed.
Limits to Charging Fees for Medical Records
- Reasonable Cost – This reasonable cost-based fee includes:
- A reasonable cost of labor to create the electronic or paper documentation requested by the patient.
- These reasonable costs do not include reviewing, searching or preparing the record for copying.
- Inform Patient in Advance of Fees – The patient must be informed in advance of any fees being charged to produce copies of records, and they must be within the billable guidelines.
Costs That Cannot be Billed
Costs that cannot be billed as added fees include:
- Updates to computer systems
- Maintaining computer systems
- Capital for data storage
- Maintenance for your electronic medical record (EMR)
Overall, the maintenance of your EMR cannot be included as added fees to the patient. These are considered practice expenses.
Medical Records That Can Be Withheld
HIPAA does allow for the following medical records to be withheld.
- Psychotherapy notes
- Information that the provider has gathered for lawsuits
- Information that the provider believes could endanger the life or physical safety of the patient or another person.
Civil Money Penalties (CMP) for HIPAA Privacy Rule Violation
If a patient does not receive a copy of their medical records within 30 days (no later than 60 days), the CMP for these violations is $1.3 million. For covered entities that do not cooperate with investigations regarding these matters, the penalty is $3 million. Keeping informed and updated is vital for all covered entities to avoid having medical record penalties invoked.
Complying with HIPAA regulations is imperative for any medical facility to avoid accruing medical record penalties. Failure to provide medical records per HIPAA’s rules can lead to astronomical fines. Having a company such as Global Data Systems (GDS) can help ensure that covered entities and business associates are secured from online threats, as well as being updated and informed on medical and healthcare information to avoid medical record penalties.
For the best universal healthcare IT service provider, go to http://www.gdsconnect.com and stay connected to crucial information. With GDS, you will be provided healthcare IT service that will help keep you HIPAA-compliant so you won’t have to deal with any medical record penalties.