Skip to Content

Hospital Association Fights Digital Data Access for Patients

You can get information on your recent stay in the hospital under two conditions:  you have to ask for it and you have to give the hospital 30 days to respond.

Proposed regulations would streamline that process, by requiring hospitals receiving taxpayer subsidies to purchase electronic medical records (EMR) to provide patients with a summary of their hospital stay, that is on-line and downloadable – within 36 hours of being discharged.

A major hospital association – the American Hospital Association – believes the current “ask and wait” process is good enough, according to comments the association filed about the new proposal to the Centers for Medicare and Medicaid Services (CMS).

Delay in getting patients critical information about their hospital stay could have an impact on their ability to recover.  Patients should expect hospitals to be their partners in health care – but in no partnership that I’m aware of does one side get to hoard all of the relevant information.

AHA reasons that HIPAA provides all of the rights patients need to access their health information and questions whether CMS has the authority to use the EMR meaningful use incentive program to achieve more meaningful patient health information access provisions.

HIPAA includes provisions that require hospitals and other health care providers to provide a patient with access to his or her health information upon request.  CDT has an entire page of its site dedicated to informing patients and their families about this right. In a digital world where we can easily and securely access information about how much money is in our checking accounts and renew a driver’s license online.  HIPAA provisions giving the patient rights to access data are badly in need of a 21st century upgrade.

The argument that the existence of these HIPAA provisions prevents CMS from imposing more meaningful access to patient data as a condition of receiving substantial taxpayer subsidies is the legal equivalent of a “hail mary pass” (or an attempt to throw spaghetti on the wall to see if any of it sticks). HIPAA is a baseline health privacy law, and laws that provide more rights to patients are expressly not preempted. If a state were to take CMS’ proposed meaningful use requirements and make them law, that law would stand as not being preempted by HIPAA.  There’s no basis for the argument that CMS can’t create conditions on meaningful use dollars that give patients greater rights.

Congress specifically stated in the HITECH legislation that created the EMR meaningful use incentive program, that the federal government’s health IT programs should focus on advancing the delivery of patient-centered care, protecting the privacy and security of electronic health information, and prioritizing the ability of individuals to securely access their health information.

From a legal standpoint, CMS is on firm ground in its decision to encourage patients to take an active role in their care by creating an innovative program that provides immediate access to health information useful to their continued care and recovery. If only the hospitals would agree.