Understanding HIPAA, patient privacy laws, and medical records requests
Federal and Texas laws protect your privacy and rights to your healthcare information
As a Houston, Texas medical malpractice lawyer, my office deals with medical records constantly. In doing so, we deal with the federal HIPAA law every day.
HIPAA is a short name for the Health Insurance Portability and Accountability Act of 1996. It became law in a period when electronic information was still emerging, and was aimed at ensuring patient privacy. The law defines covered entities, which include healthcare providers like hospitals and doctors, and requires them to implement privacy standards and security standards for “protected health information.”
Overall, I believe that HIPAA is a good law that helps maintain the confidentiality of our personal protected health information. From time to time, patients and family members call our office because they are angry about an improper disclosure of their protected health information. Often, they want to sue the hospital or doctor’s office who they believe violated HIPAA.
Unfortunately, the HIPAA statute does not create a private federal cause of action for patients, which means that they cannot file a lawsuit. I recommend that patients file a complaint about a potential HIPAA violation with the U.S. Department of Health & Human Services.
Some states, not including Texas, though, have been moving toward recognizing the federal HIPAA law as the relevant standard of care for state law breach of privacy claims. The Connecticut Supreme Court has actually declared that HIPAA establishes the standard of care, while nine other states have considered HIPAA and evaluating the standard of care.
HIPAA and medical records
One of the other ways that HIPAA comes up in our practice is medical records requests. Since HIPAA became law, healthcare providers have been required to obtain a medical records authorization from patients or their representatives, before releasing medical records.
While this is a good practice that minimizes the risk of accidental disclosure, hospitals and offices vary in their requirements for such authorizations.
We have encountered some Houston-area hospitals that have refused proper records requests because the patient signature on the authorization does not adequately match, and in the hospital’s opinion, the patient signature found within the hospital’s medical records.
Other facilities insist on having a patient or representative use the hospital’s own HIPAA-compliant medical records authorization form.
When it comes to a deceased patient, hospitals widely vary in terms of whom they will accept as a representative for the purpose of signing a medical records request.
While I believe that all of these roadblocks are unreasonable and could be challenged, I generally think the better and more time-conscious approach, whenever possible, is to accommodate the facility requests.
New laws and medical records
Many of our clients and potential clients expressed frustration and dismay at the cost and length of time it takes to obtain their medical records.
There are two relatively new laws that we have found helpful, when it comes to medical records requests.
The federal HITECH Act, which is short for the Health Information Technology for Economic and Clinical Health Act of 2009, caps the excessive fees that some healthcare providers attempt to charge for providing medical records. Under this law, covered entities may charge a flat fee of up to $6.50, or use other options that are based on actual allowable costs. Using this law, we challenged a medical records invoice from a suburban Houston hospital that was over $3,000, and got it reduced to $6.50.
In terms of timing, Texas House Bill 300, which is codified at Texas Health & Safety Code chapter 181, imposes a 15-day deadline for producing medical records in response to a patient request. If the healthcare provider has electronic medical records that are capable of fulfilling the records request, then they must be produced within 15 days of receiving the request, and electronic format, unless the patient agrees to another form.
We are here to help
At Painter Law Firm, in Houston, Texas we understand medical records because we represent patients and family members in medical malpractice and wrongful death actions. For a free evaluation of your potential case, call us at 281-580-8800.
Robert Painter is an attorney at Painter Law Firm, in Houston, Texas. He is a former hospital administrator who represents patients and family members in medical malpractice and wrongful death lawsuits against hospitals and physicians.
Robert Painter is a medical malpractice lawyer at Painter Law Firm PLLC.
November 16, 2018 opinion in case styled Sue Abshire v. Christus Health Southeast Texas d/b/a Christus Hospital—St. Elizabeth, Case No. 17-0386. [...]read more
Learn a little-known way to improve your safety when it comes to medical test results [...]read more
November 16, 2018 opinion in case styled Sue Abshire v. Christus Health Southeast Texas d/b/a Christus Hospital—St. Elizabeth, Case No. 17-0386.
Learn a little-known way to improve your safety when it comes to medical test results
Our experienced medical malpractice lawyers know how to investigate cases to learn whether the rough emergency standard applies
Life care plans & future medical care in brain & birth injury & catastrophic medical malpractice cases
Contrary to popular belief, Texas law doesn't cap a jury's award of future medical care
Hospital's 12th violation since March 2012