Latest Bulletins
April 2003
Health Law Newsletter
HIPAA’S Effect on Some Common Issues
Facing Health Care Providers
by Katherine A. Robertson, Esq.
HIPAA’s privacy regulations may have an impact on various issues that arise regularly in most health care providers’ operations, including the following:
1. Copies of Medical Records.
In addition to provisions increasing the protection for patient privacy, some of HIPAA’s provisions are aimed at increasing an individual’s access to, and control over, the content of his or her medical records. Accordingly, HIPAA regulations limit how much a health care provider may charge when the patient requests a copy of his or her records containing protected health information or asks for a summary or explanation of information in his or her medical record.
HIPAA regulations say that a health care provider may charge a “reasonable cost-based fee” for providing a patient with a copy of medical records. A provider must be able to justify the fee based on the costs of copying, including costs of supplies, labor and postage. Providers may not charge a patient for the costs of retrieving records or processing a request. If a patient requests an explanation or summary of the contents of his or her medical record, the provider may charge the patient for the labor costs of preparing the summary. Current Massachusetts regulations that apply to physicians provide that a fee for copying in excess of $.25 per page or for clerical work in excess of $20.00 per hour is unreasonable. Massachusetts regulations further provide that a patient is entitled to a free copy of his or her medical record if the record is requested for purposes of supporting a claim under the Social Security Act or any federal or state financial needs-based program. These state regulations most likely will be deemed reasonable and enforceable under HIPAA.
The fee limitations in the HIPAA regulations generally do not apply when someone other than the patient, such as a lawyer or an insurance company, requests a copy of a patient’s medical records.
2. Responding to Subpoenas.
With a few exceptions, the Massachusetts laws that apply when a provider responds to a subpoena for medical records appear to be more protective of a patient’s privacy than are HIPAA’s regulations. These state laws will likely continue to govern a provider’s obligations when the provider is responding to a subpoena issued under Massachusetts law. There are a number of variables even under these state laws, however, including whether the party whose records are sought is named in the caption of the case on the subpoena and the nature of the information in the record sought (for example, does the record contain information about HIV status?). Some of the issues that will face a provider responding to a subpoena for medical records after April 14, 2003, when HIPAA’s privacy regulations go into effect, will need to be resolved by the courts.
Until these issues are resolved, the most prudent course may be to request a written authorization from a patient (in a form complying with HIPAA requirements) before responding to any subpoena for a patient’s medical records.
If you would like legal assistance in preparing or reviewing your policy on charges for providing copies of patient medical records, or in responding to a subpoena for medical records, please contact Kelly A. McCarthy, Esq., Coordinator of the BR&G Health Law Practice Group, at (413) 272-6306.
Katy Robertson is a partner practicing in the firm’s Litigation/ADR Department and its Health Law and Employment Law Practice Groups. She can be reached at (413) 272-6215.
