The AMA’s Patient Records Electronic Access Playbook helps healthcare facilities navigate patient access to medical records while maintaining HIPAA compliance.
Patients have the legal right to access their medical information in the format they choose, and the Patient Records Electronic Access Playbook clarifies healthcare professionals’ legal responsibilities for sharing that information.
According to the Playbook, which was released in early 2020, patients are not limited to only receiving their health information through the hospital or practice’s patient portal. They should also be able to receive records through unencrypted emails, provided that they are alerted of the potential security risk of unauthorized access.
The Playbook reminds physicians that before receiving information, patients must complete a request form, and healthcare providers must alert patients that their request has been received. Ideally, facilities should also provide patients with an estimate of when their records will be sent.
The Playbook also clarifies access by third parties, such as attorneys, and helps physicians navigate HIPAA compliance in these situations. Highlights include:
- Third parties are required to complete a HIPAA-compliance form if requesting access to a patient’s medical records if the request does not come at the patient’s discretion.
- Patients maintain the right to share their records with third parties.
The AMA Playbook reinforces that facilities cannot deny patients their medical records, even if the facility believes it may not be in the patient’s best interest.