medRxiv, a health manuscript archiving company, conducted a study in which they sent 51 healthcare providers medical record requests. The purpose of the study was to determine if healthcare providers are compliant with the HIPAA right to access. However, the record request had practical applications as medRxiv used requested records to create a legitimate consumer platform that facilitates patient access to their medical records. 

Requests were made for 30 patients records with an average of 2.3 requests per patient. Each of the 51 providers were given scores based on HIPAA right to access requirements. HIPAA requires providers to accept requests via email or fax, the records must be provided within 30 days, they must be sent in the format requested by the patient, and the fee associated with the request must be reasonable.

Do you have an effective HIPAA compliance program? Find out now by completing the HIPAA compliance checklist.

HIPAA Right to Access Study Results

The scores given were based on star-ratings, a 1-star rating was given to providers that accepted the request, but did nothing else. A 5-star rating was given to providers that went beyond HIPAA requirements by providing records at no cost to the patient, sending copies within 5 days, and accepting forms that were non-standard. 

The results of the study are as follows:

  • 30% of providers were fully compliant
  • 71% of providers would not have been compliant with HIPAA right to access had the request not been escalated to supervisors
  • 51% of providers were either partially compliant or requests had to be escalated to supervisors multiple times before records were received
  • 27% of providers scored 1-star 
  • 12 providers received 1-star ratings for failing to email records at the request of the patient
  • 1 received a 1-star rating for refusal to send records to the patient’s named representative
  • 1 received a 1-star rating for charging too much for records
  • 24% of providers scored 2-star (complied but only after escalated to supervisors multiple times)
  • 20% of providers scored 3-star (complied after one call to supervisor)
  • 12% of providers scored 4-star (complied without supervisor assistance) 
  • 18% of providers scored 5-star

In addition, researchers called 3,003 healthcare providers to conduct a phone survey on their compliance with HIPAA right to access. 

  • 56% of providers are likely not compliant with HIPAA right to access requirements
  • 24% of providers were not aware of limitation to fees they are allowed to charge patients for providing copies of their medical records

With the widespread confusion surrounding HIPAA compliance, it is best to consult an expert to ensure that you are fully compliant with all regulatory requirements. 

See How It Works