Do doctors force their patients to use fax? A CareSet Journal FOIA Whitepaper
Do patients benefit from the money that the U.S. Government has spent on the interoperability of clinical systems? The Centers for Medicare and Medicaid Services (CMS) believes that the purpose of the $34 billion dollar Electronic Health Record (EHR) Incentive Programs (aka “Meaningful Use”), is to provide patients with access to their medical records in digital form. CMS even renamed this to the “Promoting Interoperability (PI) Programs”. This is the explanation for that change:
CMS is renaming the EHR Incentive Programs to the Promoting Interoperability (PI) Programs to continue the agency’s focus on improving patients’ access to health information and reducing the time and cost required of providers to comply with the programs’ requirements. (emphasis ours)
This language, which is emblematic of other statements from CMS, indicates that CMS regards patients having online access to their own medical records as its statutory duty. Indeed, multiple laws and funding measures passed by Congress give HHS and CMS the duty to ensure that patients, especially Medicare and Medicaid beneficiaries, have access to their clinical data.
CMS also has a statutory duty to report on information blocking. Information blocking rules and HIPAA require that patients are able to get their medical records in the manner they request if the provider has the technical ability to do so (unless exceptions or grounds for denial are met). Providers participating in the Promoting Interoperability Program have EHR technology that give providers the ability to provide a variety of methods of online access for patients. HHS provided an example of how this can work in their guidance explaining the intersection of HIPAA and Information Blocking:
For example, in exercising her right of access under the HIPAA Privacy Rule, an individual could request a copy of her information that constitutes the CCDS [Common Clinical Data Set] through the provider’s Certified EHR Technology portal or that it be sent from the Certified EHR Technology to the individual’s Direct address (an electronic address for securely exchanging health information using the Direct technical standard). If the provider is using Certified EHR Technology, the HIPAA Privacy Rule requires the provider to grant this request from the individual because the form and format requested is “readily producible” using the provider’s Certified EHR Technology.
Using FOIA, we have obtained records to shed light on CMS’s performance of their duties. CMS states that these incentive payments were intended to ensure that patients have access to their own healthcare data online. But have these payments resulted in healthcare providers actually making this online access easy for patients? What portion of these incentives payments are waste?
Put another way: The US government paid healthcare providers to stop faxing. Did providers do that? Or are they still asking patients to deal with fax machines to get access to their data?
The results of our FOIA request show that many healthcare providers are doing the right thing, and are allowing patients to download their healthcare records easily online. However, this trend is hardly universal, and the number of patients who still do not apparently have non-fax, non-mail, non-in-person, online access to digital versions of their medical records is significant. In our sample, 18 percent did not have a convenient way to use standard medical record request forms to request online access.
Our sample only included a small fraction of the relevant providers (we got less than 3% of the data that we requested) and of these we only modeled a portion of the data (details below) but we still identified about $150 million dollars that had been given to providers who only mention fax, snail-mail or in-person methods of access on their default HIPAA medical record request forms. Our most conservative estimate is that this has an impact on at least 9 million patients.