Dx: Revolting.   Rx: Revolt.

Tuesday night, endorsement #906 on HealthDataRights.org came from a Judy Beckman, who says:

“I agree all the way I cannot get MY records unless I pay for MY records $1.00 per page WHY WHY these are MINE???????????”

Indeed, why? Whose data is it, anyway?

This spring I’ve been learning (slowly) about HIPAA – the immense and complex 1996 Health Information Portability and Accountability act – it’s become increasingly obvious that the law’s intent has just plain gone sour.

I’ve talked to people who were involved in creating it, and they say it just wasn’t supposed to turn out this way. But the way things have unfolded, your right to your data has gotten crushed under regulations that put unresponsive, unconcerned, unmotivated bureaucrats’ needs above your urgent medical needs.

No matter how desperate you might be, they don’t have to give you your data any faster than one month, and if they want, they can take a second month. And they can charge you whatever they want, subject to state laws.

In Regina Holliday’s case, it was 73 cents a page. In Judy’s case, it’s a dollar a page. In Texas, it can be $37 for the first ten pages. And so on.

I think this is revolting, and we should revolt. The law has been perverted, and it stands in the way of empowered patients trying to help their own cause. (And when I say “patients” I always mean caregivers, too. Patients’ rights to self-preservation certainly accrue to the ones trying to provide their care.)

As patient or caregiver, your time will come. It takes years for this industry to budge an inch, so you better speak up now. Add your endorsement to the Health Data Bill of Rights: click here.

Diagnosis: Revolting. Prescription: Revolt.


Posted in: general | hc's problem list | medical records | policy issues




22 Responses to “Dx: Revolting.   Rx: Revolt.”

  1. DJBM says:

    A similarly curious tale from the Great White North (Canada).

    Sadly our physician was struck with an illness which rendered her unable to carry on her practice. We were, like 20% of the population in Canada, left without a primary care physician. Her group practice were unable/unwilling to pick up her patients and so orphaned us. I requested a copy of my records and was told by a receptionist that they would not be released to me, only to another physician.

    Rather than argue with her I chose to put my request in writing and indicated that I would appreciate a call once they had calculated a “reasonable” fee for doing so; I would give them the go ahead to send them to my home address. This is, in fact, is their legal obligation (according to the College of Physicians and Surgeons of Ontario for those Ontarians who might be reading this). I never did hear back from the practice and to be honest had forgotten about it as I and my family were lucky to be in perfect health at the time…and, of course, we had been unable to find a new physician in the city we had relocated to.

    A couple of months later I received a call from a private company (what the CPSO refers to as a commercial record keeper) who indicated that they were in possession of our family’s medical records. For the sum of $150 per person, we could buy these records from them. I was …ummmm… a little miffed. I spoke with the manager of this group AND it is entirely legal for physicians to do this. In this case, where the physician is leaving the practice, they are also only required to retain records for two years rather than the statutory ten years. I hung on for the two years just in case we needed something from the record and then decided to tell them (politely) to shove it.

    I admit to being irrationally offended by this experience and committed to the principle that care givers are partners in my health but NOT keepers. In fact, they generally do a rather shoddy job as “keepers” of anything, but the practitioners we’ve had the pleasure to “partner” with in our health care have been very good. Not always the best communicators, collectively rather poor managers; but frankly, that’s not why I’m there to see them. Their experience, intuition and the ability to listen and act decisively if needed are very valuable to me. To allow a physician to arbitrarily sell my records to a commercial “keeper” (who I will have to trust is bound by rules of confidentiality etc.) just doesn’t sit right.

    Physicians keeping and managing their own comments on their medical records is quite acceptable to me. I don’t own those comments, but I sure have a right to see what they’re saying (and I am of the school that says there are few to no occasions where this shouldn’t be the case). Lab tests, whether ordered by them or not, referrals, discharge summaries, DI reports are all MY information which they use to practice their trade. I welcome the day (and I too believe that it’s not that far away now) when health systems will be truly patient centric, where patient’s control their data and who has access to it, and the data will not have to be sold to commercial “keepers”. Comments to that effect are popping up on the most conservative sites and from the mouths of folks who have tenaciously advocated for provider control in the past… I think that sites like e-patient and your tireless advocating are hitting home…even north of the border.

    Finally, and sorry for the length of this, but I think that it’s important to reiterate what so many believe, that opening the healthcare kimono and allowing patients to truly engage in their care is necessary (but not sufficient) to address the holy trinity. Who wouldn’t want to embrace a process which has the potential to reduce cost, improve quality and increase access?

  2. Ben says:

    As I have mentioned in several of my previous comments on this blog, the health insurance portability and accountability act creates ENORMOUS barriers to the adoption and creation of an electronic medical record system, which is a logical prerequisite to patient data access. Unless your data is in an electronic format, how can you expect to get a copy.

    The primary offender is a portion of the law known as 21 CFR part 11, sometimes abbreviated to 21CFR11. It is 38 pages of wonderful, government-authored language which is dense, complex, and (having been written in 1997 which is pre-history technologically speaking) extremely dated.

    As I have mentioned several times on your blog, any treating facility is going to be VERY hesitant to create a system which allows the release of patient medical data IN ANY WAY solely due to the fact that if there is the slightest problem, they are liable. As part of the HITECH act just passed by congress, in the case of patient data breaches, the offending institution must:

    – Notify a local news outlet of the breach
    – In most cases personally contact each person whose data was compromised
    – Report the event to a national registry
    – Submit a plan of how to address the breach

    And typically provide credit monitoring to all effected. This is a VERY EXPENSIVE problem to resolve. Why should a hospital spend $10-30 million dollars and 5 years implementing an electronic medical record system if all it does is massively increase their liability and possibly expose them to bankruptcy if there is patient data used incorrectly? To satisfy calls from patients for “access” to their own information? Can anyone show me studies that allowing patients full access to all their health data improves outcomes? I am playing the devil’s advocate here, but these are the types of issues that a hospital CEO will identify…

  3. ePatientDave says:

    New on e-patients.net: “Dx: Revolting. Rx: Revolt.” http://is.gd/1kb7y (about “give us our data!”)

  4. Deven McGraw says:

    The legal obligation to provide patients with at least a paper copy of their data exists regardless of whether or not the provider adopts electronic medical records, so any liability issues that exist with respect to letting patients see their treatment records are there regardless of the format. How is liability enhanced when that record is provided in electronic format?

    And those breach notification requirements that you reference? They apply to paper records as well.

    It’s hard to see how either of these requirements provide disincentives to moving to electronic records since they are “media-neutral”.

  5. ePatientDave says:

    HIPAA wizzes: please see “Ben’s” comment on “Dx: Revolting. Rx: Revolt.” http://is.gd/1kb7y – on track?

  6. DJBM says:

    A good point Ben…and perhaps one might expect that workflows, auditing practices and oversight in hospitals might put their patients less at risk than say in primary care practices. I’m not overly familiar with that literature.

    But then again, I would also suggest, that there are so few EHRs to which patients have access, that it’s not surprising that the literature in this area is sparse.

    So this is highly speculative, but it would seem to me that giving patients access to their lab results (viz. the Palo Alto Medical Foundation application) would help avoid the situation reported by Casalino et al recently in the Archives of Int. Med. where on average 1 in 14 abnormal results are either not reported (or are not documented as reported) by physicians. The range of failure rate is from 0 to 1 in FOUR ( a heads up to the patients in that practice may be in order). Now, I’ll admit that better workflows would help to address this issue. But I think that there are just enough jaded patients out there, that the “trust me I’m taking care of this” attitude doesn’t cut it any longer. One instance where quality of care could be impacted by access.

    Security is an issue undoubtedly. Funding the project is a huge issue, as is ensuring “actors” assume appropriate liability; but I’m not sure that anyone’s arguing those facts. The issue is getting agreement in principle and then collectively working towards the same goal…better quality care.

  7. Ben says:

    Deven – Two points:

    1) Paper is a completely different world than electronic when it comes to health information. Paper records can be locked in a cabinet – problem solved. There are also not the same requirements vis a vis hipaa as far as auditing or electronic signature and many other things. Basically from a compliance standpoint it is about 100 times easier and less work/money to stick with paper.

    2) The other issue with electronic systems is not giving a patient access to his or her OWN data, it’s giving access to a patient to another patient’s data, or any other person. Once you go electronic you open yourself up to liability that is inherent in ANY ELECTRONIC SYSTEM but unlike in other industries if you make mistakes the potential downsides are enormous.

  8. Good dialog here. Observations:

    1. “Paper can be locked in a cabinet – problem solved.” Um, no; what about the recent well publicized cases of paper records being found in dumpsters, or, as happened, in Boston, a big folder of them being left on the subway?

    (I won’t delve into the issue of paper records and x-ray films getting lost, because that’s separate from the privacy issue. But records being misfiled sure as heck affects my ability to count on my records being available when my life depends on them. That’s one reason I’m very happy to be at the Halamka/Levy/Sands hospital.)

    2. Re regulation: I’m no expert in government policy, just one random schloompf who depends on having this stuff work. But I have to say, if someone wants to provide a service without regulation, they should get out of the health care business and become a securities broker instead.

    Oops, except I don’t think that one worked out very well.

    3. General, again: As someone too naive to understand the complexities of policy, it’s always seemed to me that the first test of how something’s been set up is, is the job getting done? For things like road maintenance the consequence affects potholes and car abuse, so “the job’s not getting done” is not generally a desperate issue. (Exception: bridge collapses.)

    But in the case of healthcare, LIVES are at stake, people! Policy discussions that don’t focus on “the job to be done” are way, way off base in my view.

  9. RT @ePatientDave:New on e-patients.net: "Dx: Revolting. Rx: Revolt." http://is.gd/1kb7y Great Post and comment string

  10. Tom Stitt says:

    New on e-patients.net: “Dx: Revolting. Rx: Revolt.” re patient data http://is.gd/1kb7y <it’s my data, not yours> (via @epatientdave)

  11. djbaxter says:

    Actually, no. Those records are not your records. They may be ABOUT you but they are not yours. They are notes made by a health professional and belong either to that professional or to his employer (e.g., a hospital or clinic).

    The health professional is required to maintain the original records for a lengthy period of time, varying with the jurisdiction but typically 7 to 10 years, If you request your records, it is not an option to simply ship the originals to you. Rather, somebody has to make photocopies of the records and send you the copies. Either that will involve the time of the original professional, in which case s/he is entitled to some compensation for that time, or by an employee of the original health professional, in which case that employee will need to be paid.

    There is one additional factor: When it comes to records of mental health issues, the access to records legislation in most jurisdictions allows for exemption of certain records that may be damaging to the emotional or mental health of the patient. While those exemptions are rather striongent and subject to challenge, it does mean that somebody with professional expertise needs to go through the records to decide whether anything in the records might be deemed to meet the criteria for exemption. That’s more time.

    When you look at all these factors, I’d say that $1 per page is pretty cheap.

  12. djbaxter,

    I understand and support the professional’s desire to be compensated, but are you saying that didn’t already happen?

    And if you want to get into “$1 a page is pretty cheap” then let’s start negotiating price. How much is “a page”? Want to set a price on the individual facts? Are you pricing based on how many pages you took to generate a given amount of information?

    If you keep your records electronically in a system that knows how to export (a process that takes seconds) then does your reasoning about “someone has to make photocopies and send them” fall apart? It sounds like the banking business ten years ago, where copies of printouts had to be made. Ten years from now when medicine has caught up I hope your thinking would adjust accordingly.

    But even today, since you’ll still have the originals, are you basically billing us just for the copy? When my chorus buys copies of a song for training purposes it’s called the “mechanical license” – are you asserting similar copyright on your writings?

    Most of all, if you would withhold that information, extorting cash, because I need to get care elsewhere, then I don’t know how you sleep. (What do you think about Texas’s $37 for ten pages?)

    All I know personally is, if you want to price your work that way, go ahead, but I’ll go far out of my way to avoid such practices, and I imagine you’ll find an ever-decreasing number of patients who’ll tolerate that business model.

  13. djbaxter says:

    First, regarding retaining the original notes, I did not say that it was my choice to to so. I said I was required by law to do so. So yes, you may get copies but you may not have the original notes.

    Second, in response to your question – “I understand and support the professional’s desire to be compensated, but are you saying that didn’t already happen?” – yes, that is what I’m saying. I provided services to the patient and for those services I received my regular fee. But I am a self-employed professional and I my income is based on my time. If I have to spend 30-60 minutes reviewing and copying a file, am I not entitled to expect some compensation for that? I don’t expect to recoup my regular hourly rate because quite frankly I know that’s not going to happen. But it is my time that’s providing those copies and, yes, I do feel that I am entitled to some compensation for the use of my professional time.

  14. Ah, well, the cost of copying is legitimate. I don’t object to people being paid for fair costs, of course. (I donate my time to charities, including the Society, but I don’t donate my time to my job!)

    I also spent 10-15 years self-employed so I know what you mean about that too.

    If we can get the cost down to almost zero, like downloading a bank statement, would that resolve the concern? Would you then be inclined to let people take them for free, themselves, by logging in to some imaginary web site, like today’s bank web sites?

    Good discussion.

  15. djbaxter says:

    In the case of mental health services, there is still the issue of screening information likely to negatively impact the patient’s mental health, but I am certainly not anti-technology. I do have concerns about who will construct the systems for recording and disseminating medical information, of course. There are too many existant examples of hacked or simply careless electronic storage of credit card and other financial information, and frankly to date I am particularly not impressed with the ability of government or other bureaucracies to do anything in an efficient and secure manner. For example, suppose you claim to be me and request my medical records… what safeguards are in place to ensure that you are who you say you are, and to protect me if, in fact, you are falsely claiming to be me?

  16. ben says:

    “There are too many existant examples of hacked or simply careless electronic storage of credit card and other financial information, and frankly to date I am particularly not impressed with the ability of government or other bureaucracies to do anything in an efficient and secure manner.”

    This is what I was trying to point out with my paper example. Paper is certainly not DEVOID of risk of loss or breach, but a sufficiently intelligent hacker (or even a disgruntled employee!) could easily make off with MILLIONS of electronic patient records on a thumb drive, whereas bits of paper are large, heavy, and unwieldy making it practically difficult to make off with large amounts of patients’ information.

    “But I have to say, if someone wants to provide a service without regulation, they should get out of the health care business and become a securities broker instead.”

    I don’t have a problem with regulation per se. But saying “every field has regulation, deal with it” when the specific regulation in question actually makes things WORSE is not a solution. HIPAA needs to be reformed.

    “But in the case of healthcare, LIVES are at stake, people! Policy discussions that don’t focus on “the job to be done” are way, way off base in my view.”

    This is a good point, but it brings me back to my original question: Can anyone show me literature or studies that show that increasing patient access to their own data improves outcomes? I’m not saying that they don’t, I’m perfectly willing to concede that they may, but I haven’t seen any evidence, pro or con.

    As a technology person, I am a huge advocate of information wants to be free. I am also a patient, which when coupled with being an informaticist, means that I also would like to see ALL my health data. But from the perspective of the CARE-GIVERS, implementing electronic systems is very expensive, very time-consuming, and (unless someone can show me evidence to the contrary) does not necessarily improve outcomes. It may save money in the long time in terms of efficiency, but it’s a tough sell to a CEO to say that up-front investment of $30m is required to save you $300,000/year in perpetuity. :)

  17. DJBM says:

    Ben, you’ve again raised an interesting point and one that many governments are grappling with; that the benefits of digitizing health information often accrue to the system (or others) rather than the “investor”. It’s for this reason that many funders have already or are in the process of supporting providers who are reluctant to adopt for financial reasons. But that issue is a bit of a red herring methinks. While they might grumble (and so they should) that many EHR applications are not user friendly, I don’t have a physician friend or colleague who, a year after they’ve deployed, would go back to the way they practiced with paper. There are many advantages to EHR, many of which are lifestyle benefits (i.e. physicians being able to work from home on paperwork rather than having to stay at the office or haul charts home)…but I digress.

    The issue of patient engagement which many think would be jumped started by ending the discussion on who “owns” medical records is the issue. No argument here…a provider “owns” the notes which they record on their care of a patient. The issue many have is that, as system gatekeepers, physicians then stake claim (with historical precedent) to controlling access to all medical records. It’s enabled by the system. For instance, here a patient requesting a copy of their record from a hospital may do so, in writing, for a cost of around $50. The document arrives in the mail 4-6 weeks after the request.
    A family physician however, can speak with the same medical records department and have a copy of the medical record faxed to them, same day, for…you guessed it. Free.

    Back to the issue of evidence of quality outcomes that you’ve invoked again. We have to remember again that context is everything…if patients are more satisfied does this equate with improved quality (in my books it does but it’s arguable)? Here’s one example http://www.longwoods.com/view.php?aid=20369&cat=330

    But while the studies are limited as yet, there are studies which suggest better compliance with chronic disease treatment, accuracy of records, improvements in communication to name a few of the benefits. As an aside, it’s important to note that the toughest audience an EHR will ever play is front of a health insurer crowd…and there are numerous of them who have plans to introduce PHRs over the next year…so clearly there’s a business case in it somewhere.

    Of course there are security issues. But they can and are being addressed progressively. This is by no means a simple issue, but the dialog between the medical profession in particular, and funders and consumers must take place. Providers stomping their feet and holding their breath saying they don’t want to play is just not productive…particularly when we all know that everyone’s first priority is delivering better quality, more efficient care to all citizens. The alternative to not engaging in the discussion will be, I suspect, that people will just innovate around what they see as an unjustifiable roadblock – this is already happening with HealthVault, Google and others agressively entering the PHR market. In other words, you innovate or die in this current environment.

  18. Ben says:

    “we all know that everyone’s first priority is delivering better quality, more efficient care to all citizens”

    I hate to sound like a pessimist, but I’m not sure that you can take this statement as fact. For example the first priority of many publicly-traded health insurance companies is to maximize profits and shareholder value… Ditto for drug companies. Not that I am against that, but there are more motives here than just delivering quality efficient care. If cost were not an issue I think we would already HAVE the quality efficient care. I will refer you to this article and then shut up :)


  19. Agreed, Ben, re everyone’s first priority, especially re insurance companies. Very important that everyone in this game read the newly released words of Wendell Potter, who spent 20 years in PR for big insurance companies.

    He’s become disgusted (revolted?) and is telling the truth about eating breakfast on gold-rimmed china on the company jet after seeing a poor people’s “health fair” where medical volunteers delivered care in the animal stalls on the county fairgrounds. Read. Important.


    He says whenever we hear scare statements about “government run healthcare” we should be aware that that’s a consciously designed bogus tactic concocted by the insurance PR people to protect profit margins, and patients be damned. (Well, he didn’t say the “be damned” part explicitly, but that’s the clear consequence, as shown in his story.)


  20. Ben says:

    Thanks – I will read it!

  21. DJBM says:

    Chilling..but for those north of the border, one of the comments from another former CIGNA employee was even more so…
    “Currently, we are working on influencing the legislature in Quebec, Canada to change the rules to open them up to the American style of health care. Our analysts have determined that once 15% of a population buys their own private health insurance the voters can be influenced to legislate the socialized system away. The reason the percentage is only fifteen percent is that those are the richest and most influential citizens. If you get that 15% to lead, then the herd will follow. Quebec is not that lucrative but once Quebec falls then Ontario will be open and that market is the size of Michigan!”

    Let’s hope these are delusio

  22. LGRAMA says:

    I was surprised when I saw the detailed medical records that my parents had in India. These records were provided by their doctors and they took them in to their doctor’s offices when they had an appointment. After each visit, the file was updated with the latest results, prescriptions, and other relevant information. They could not believe that their doctors in the US would charge them to keep their records updated and complete.

Leave a Reply