Scorecard Aims to Improve Patients’ Ability To Access Medical Records, Serves as Warning

When it comes to pleasing patients, what hospital or physician wouldn’t want five stars? For decades, provider organizations and others have had to prove their mettle through HEDIS ratings and patient satisfaction surveys. But how they were doing when it comes to HIPAA compliance was anybody’s guess, except for the rare organization that publicly faced sanctions imposed by the HHS Office for Civil Rights (OCR).

As RPP was going to press, OCR announced its first settlement agreement over a records access request OCR said was fulfilled months late (for more information, see http://bit.ly/2lMrP3i). The October issue will explore this settlement agreement, for $85,000 with a health system in St. Pete, Florida, in more detail.

The settlement comes on the heels of the “Patient Record Scorecard,” a new initiative to rate how well covered entities (CEs) comply with the right of access to medical records, guaranteed under the privacy rule. The early results of this fledgling effort are not so good and could give OCR more easy enforcement targets, although the developers of the scorecard say that’s not their goal. Of 51 organizations that received a records request, just nine rated five stars as part of the project launched by Ciitizen Corp., a health care records startup firm initially focused on assisting patients with cancer. Among the aspects measured were how quickly records were sent and whether patients were able to get them in the “form and format” of their choosing, as required under HIPAA.

Founded by former Apple Health Director Anil Sethi, Ciitizen also has at its helm Deven McGraw as chief regulatory officer. McGraw left her position as OCR’s deputy director for health information privacy to join Ciitizen in 2017 (“HIPAA Doesn’t Mean ‘No’: McGraw Shares OCR Insights as She Joins Records Start-Up,” RPP 17, no. 11.)

RPP has documented problems with access compliance at least since 2014, and even the Government Accountability Office has chimed in (“GAO Opens Pandora’s Box of Records Access, Finds Variable Fees, Widespread Frustration,” RPP 18, no. 6.)

Ciitizen released the scores for the 51 organizations in August, then provided a quick update early this month. To bolster its findings, Ciitizen also conducted a phone survey of 3,000 CEs to see if their processes showed they were likely or unlikely to be compliant in handling a records request; those groups didn’t fare much better.

This document is only available to subscribers. Please log in or purchase access.


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field