With this recurring column, Elite Healthcare provides readers with insight related to the legal implications of healthcare – offering practical guidance on scenarios that should be avoidable and providing suggested courses of action when appropriate. The examples provided here are those that all providers should be aware of, but many aren’t or are negligent despite their awareness. Don’t let your practice be compromised.
Even with the litigious society in which we live today, physicians and other healthcare providers seem to routinely ignore record requests and assume there is no need for attorney assistance. Record requests should not be ignored. Of course, the source of the request will govern the response. The informed, prudent clinician calls his or her attorney upon receiving such a request. The various types of requests one may receive include:
- A state licensing board requesting medical records. Depending upon the state, clinicians are required to provide patient records within a certain period of time. A failure to provide the records within that amount of time is itself a violation that can result in license sanctions. Often, an initial letter of representation by your attorney “stops the clock.” It is important to make sure that the material being shared provides a certain context. Failure to supply consultation reports, lab results, intake notes, and other records, may not serve best interests. Consult with an attorney first.
- An attorney, in a malpractice or personal injury suit, may request records. Unlike a state board request, these must be accompanied by a HIPAA compliant for and signed by the requesting patient for a copy of the records. If a provider believes that this could be the first step to a malpractice action, the insurance carrier should be notified in writing. Save a copy. Many policies require this. Failure to do so could result in the insurance carrier disclaiming coverage.
- If an insurance company that the provider participates in requests records, they must be provided according to the signed agreement with the carrier or plan. If the provider anticipates being audited, an attorney should be contacted prior to records being sent. Participating providers do not need signed HIPAA forms by the patient to provide these records.
- Non-participating providers can be audited, and the insurance company can request patient records. However, this is considered somewhat controversial, and providers would be wise to ask for signed HIPAA compliant permissions to be provided by the requesting company from the patient. An attorney should be consulted prior to sending anything in this regard.
- Enforcement Highlights. HHS. 2019. Accessed online: www.hhs.gov/hipaa/for-professionals/compliance-enforcement/data/enforcement-highlights/index.html
- HIPAA News Releases & Bulletins. HHS. 2019. Accessed online: https://www.hhs.gov/hipaa/newsroom/index.html