A year ago my full service personal health record provider (PHR) requested my medical records from my primary care provider, and for the past twelve months they’ve been going back and forth with the office staff as they try to get the data faxed over.
This was never going to be easy. My current PCP loves his EMR and was an early adopter, but the PCP before him kept old school charts and wrote copious records in scrawl on the back of any piece of paper that was nearby, resulting in a chart that was several inches thick and completely incomprehensible to anyone other than him.
One of the advantages of my PHR company is that they promised to convert that data into a historical record in their system, complete with lists of medications and procedures performed. I paid around $99 for this service when I signed up, and over the next three to six months the data dribbled in as my doctor’s begrudgingly released their treasure trove of records.
Larger practices, where I had been a patient, were the first responders, probably because they had staff who knew how to send the data from their EMR using the “print to fax” function. Smaller practices took their own sweet time, but eventually they all complied, and a mess of data was manually crunched into something resembling an actual personal health record.
My PCP was the standout. I’m guessing this was largely because of the paper data, though I would have been happy enough to discard that mess if they’d asked me politely.
When my provider sold his practice to Rochester Regional Health System, the game continued, until last week a new card was played; one that I am intimately familiar with. I received a phone call telling me that to gain access to my data, I would need to fill out the RRHS authorization form, and resubmit the request, thus effectively restarting the clock.
This is, of course, utter bunk. There is no federal provision for the use of any particular form, and the request my PHR vendor sent, was, our corporate counsel assures me, completely legal and binding. Each of the required elements of a HIPAA compliant authorization were present, yet RRHS states that;
.. the Authorization Form SH 48 may not be altered, with the exception of the contact information in the upper right-hand corner.
Each day patients around the country run into this mess and are duped into complying with an archaic procedure. It’s a sad state of affairs that makes it difficult for people collecting records for the purposes of aggregating it into your PHR to gain the necessary access to your data.
Ah ha, you say, this problem will soon pass into insignificance! Patients will just use their portal accounts and pull the data directly from the EHR using blue button, and bypassing the medical records office in one fell swoop.
The problem is that such a reality will rely on a patient’s ability and willingness to move the data. When we’re dealing with sick, or non-computer literate patients, we don’t have this capability to draw upon. In such cases, patients won’t be able to go and use the blue button functionality, and the PHR or other system will generate an auth form on the patient’s behalf, and send that directly to the provider’s office to obtain the release.
Today, a large percentage of providers officers won’t accept an automatically generated release form on security grounds. Yet they will accept a signed form, even though they don’t have a reference signature to compare to for authentication purposes.
It boggles the mind.