By Diane L. Marolla, LICSW
Do you know what is in your medical record?
While listening to a morning news show there was a brief update on medical topics and news by Dr. Sanjay Gupta. Dr. Gupta is a popular medical reporter that I became familiar with when I used to watch CNN. I have always been a fan of Dr. Gupta because he is able to take complicated medical topics and report on them so that anyone can understand and learn. Recently, in one of his reports, he talked about the importance of consumers knowing what is in their medical record. As I listened to his report, I thought it would be a good topic to cover as most people have never looked at their medical records. According to the Web MD article “What does your Medical Record Say About You? By Julie Edgar “less than 5% of patients with access to medical records bothered to look at them.” “Most patients don’t care unless it affects them, like a diagnosis that has a social stigma” or a diagnosis that will impact them getting insurance.” Years ago, our medical records used to be on paper. Some smaller offices still use paper records; however, larger practices and hospitals have moved to what is called an EHR, which stands for Electronic Health Record. An EHR is an electronic record where information can be electronically transmitted.
As a patient and a consumer of health care, you have a right to know what is in your medical record. You have this right under the Health Insurance Portability and Accountability Act (HIPAA). If you want to know what is in your medical record, ask your doctor or health care professional for the information. Your doctor or healthcare professional may ask that you put the request in writing. Additionally, they can charge you for that record.
When you receive your medical record, be sure to review the information. If there is something in your medical record that you don’t understand, ask your doctor or healthcare provider for an explanation. Also, look for errors in your medical record. Sociologist Ross Koppel, PHD recently told CNBC that “about 70% of patient records have wrong information.” In that same CNBC report, a patient reported that her medical record had errors that she gave birth to two children and had diabetes. Recently, I was sent a letter in error after I had a mammogram and ultrasound. The letter stated that I needed to follow-up with another mammogram because something was showing in my mammogram even though I was told, after both the mammogram and ultrasound were completed, that nothing of concern showed.. I immediately called the office, and they admitted that it was sent in error. I requested that they send me something in writing to confirm that the letter was sent in error, which they did.
Although HIPAA is a federal law that was passed to protect health information, know that your medical records and what is in them is not completely private. Your health insurance company has lots of information on you because they have to pay any claims related to your care. In addition to paying your claims, your health insurance company will use your medical information to authorize procedures that your doctor or hospital is requesting that you need. Your health insurance also may ask for your medical record if they suspect fraudulent billing. Also know that your health insurance companies, often have “Business Agreements” with external companies, where your information is shared with a third party.
Recently, I switched health insurance companies. After getting about 30-40 pages of paperwork from them in the mail (that I still need to read and digest), I noticed a form asking if I wanted to “opt out” of certain information being shared. As I read that document a little closer, it described that the health insurance company would be sharing “personal information” that they collect such as my name, address, policy coverage, premiums, and payment history from transactions with them, their affiliates, and others”, UNLESS I opted out of this information being shared. I did opt out of my personal information being shared, but what struck me is that the information would have AUTOMATICALLY been shared if I did not opt out. I thought to myself, I bet most people don’t opt out to having their personal information shared.
Health care professionals, hospitals, and health insurance companies do spend a lot of time and money to ensure your information is protected. Having worked for hospitals and health insurance companies for over thirty years, I can attest that they do everything possible to ensure that your information is protected. Hospitals, health insurance companies and large health care practices employ staff to ensure that the information is compliant with state and federal laws, that their data is kept secure, and that staff are trained in how to keep patient information protected. Unfortunately, despite all of the efforts, data breaches do occur. In fact according to beckershospitalreview.com website, “breaches in the U.S. healthcare field cost $6.2 billion each year. The average cost of a single data breach across all industries is $4 million, according to a 2016 study from IBM and Ponemon Institute and approximately 90 percent of hospitals have reported a breach in the past two years.” If there is a breach, federal law does require health care professionals and health insurance companies to notify you. Additionally, they have to report the breach to the Secretary of Health and Human Services.
If you want to find out more information about your rights as a patient and how your information should be protected, I recommend going to the HHS.gov website. On this website you will find easy to understand fact sheets and videos that explain your rights under HIPAA as well as other helpful information. Also, I recommend you go to: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf as this website lists all of the healthcare data breaches that have occurred, and which health care entities they occurred at. This data base is easy to use as you can sort the breaches by state.