MANY readers were shocked by my recent article about Peter Drier, who received a surprise bill of $117,000 from an out-of-network assistant surgeon who helped out during his back operation. But almost as surprising was how difficult it was during my reporting for Mr. Drier to extract his own records from the hospital.
He wanted a copy because he enjoys adventurous travel and he needed a record of the surgery in case of injury; I wanted to see the chart to make sure nothing unusual had occurred in the operating room that might justify the enormous bill. Hospitals are computerized, and patients have a right to their own records, so I assumed getting the chart would be easy.
I was wrong. The six-week ordeal included requests that needed to be made via regular mail, numerous phone calls, consent forms and an estimate for copying fees that totaled $100. This was topped off by an actual visit to the hospital by Mr. Drier, who sat in an office until he had paper documents in hand.
In a digital age when we can transfer money to purchase a house online or view a college transcript by logging on to a secure website, why is it so often difficult for patients to gain access to their medical data? And who controls our health information?
“You should be able to walk into a provider’s office and say, ‘I want a copy’ — you are legally entitled to that,” said I. Glenn Cohen, a professor at Harvard Law School, noting that there were only a few exceptions, such as for prisoners. But the reality is that many hospitals and doctors have created a series of hurdles that must be cleared before patients can get their information. And many of those hurdles, experts say, are based on the economics of medicine.
“The medical record is held hostage,” Professor Cohen said. “The reason is often to keep a customer or keep a patient from leaving the practice.”
Some providers contend that releasing information might somehow compromise patient privacy and confidentiality concerns laid out in Hipaa, the Health Insurance Portability and Accountability Act of 1996. But that legislation was created at the dawn of the Internet era, when there were worries that sensitive health information that could embarrass patients or leave them vulnerable to discrimination would be too freely accessible. Internet security systems have greatly improved, and it is no longer legal for insurers to reject applicants for pre-existing conditions.
“When hospitals talk about Hipaa or charge for releasing records what they’re really saying is, ‘I don’t want to do this and I have to find an excuse,’ ” said Dr. David Blumenthal, president of the Commonwealth Fund, who was previously President Obama’s national health information technology coordinator. “Hipaa is used in all sorts of distorted ways, because ‘protecting privacy’ sounds good.”
This summer, for example, Michael Madrid, 47, a software developer in New York City, saw an orthopedist because of knee pain and was sent for an M.R.I. When he called the office for results he was told he had to come in to get them, to protect his “privacy.” The scan showed a small ligament tear that required no treatment, and Mr. Madrid was billed $170 for a second visit.
He complained to the doctor and the hospital and on Yelp. He asked the Department of Health and Human Services about Hipaa concerns, which said there were none. “It was a huge inconvenience,” he said. “I had no privacy issues. This was irrelevant. They could have put my M.R.I. on Twitter and Facebook.”
Government mandates, meanwhile, are laying the groundwork for more sharing. Legislation passed in 2009 prods hospitals and doctors’ offices to convert to electronic records, a changeover that officials estimate is more than 80 percent complete. But the next step requires health providers to show they are using that capability to begin better sharing medical information with patients and one another. That will begin to phase in next year.
BUT resistance is likely to be fierce from some corners, since sharing data goes against hospitals’ and doctors’ financial interests when they are jockeying to hold on to patients in a competitive market. The more health care providers restrict the release of records and lab results, the harder it will be for patients to leave. And the companies that design electronic medical record software also don’t want patients to leave their orbit, any more than the makers of P.C.s want to facilitate a move to a Mac. In fact, Professor Cohen said, many programs are built so that they cannot share information with one another.
Although doctors and hospitals legally own their medical charts, patients have a right to have access in a timely manner — Hipaa requires a response within 30 days of a patient request — and at a reasonable processing cost. In the end, Mr. Drier spent six weeks trying to obtain the paper record of his back surgery — though he would have preferred a digital copy. That may or may not have exceeded the 30-day deadline stipulated by law, depending on how the days are counted. But is that “reasonable” in an age when most information is available with the click of a mouse?
A better flow of information would benefit both patients and the health care system as a whole, Dr. Blumenthal said. If patients possess their records they can choose and move their care at will, picking doctors and testing sites that are cheaper or more to their liking. Likewise, if records can be transmitted with the ease of emails, doctors in different locations can better dispense treatment, avoiding the need to repeat tests. On a larger scale, the release of data that is now trapped in hundreds of hospital systems and thousands of doctors’ offices is crucial for researchers, Dr. Blumenthal said. They could use it to identify trends in overuse or unrealized side effects. (For research purposes, the data can easily be released in a way to protect patients’ identities.) “The nation is on a journey toward more accessibility,” Dr. Blumenthal said, though it still has “a long way to go.”
Linda E. Fishman, senior vice president of the American Hospital Association, said that while the organization supported patients’ rights to their information, providing it was not always simple. “Responding to requests is more difficult than it should be,” she said, because “the entire health care system has one foot in the paper world and the other in the electronic world.” She added that the consequences of violating patient privacy laws were “severe.” Already a few major health systems have been slowly dismantling the firewall between patients and their data. For example, Kaiser Permanente in California, Partners Health in Boston and the Cleveland Clinic allow patients to log on to secure websites to view their test results and other medical information.