10 tips to give patients electronic access to their medical records

The Health Insurance Portability and Accountability Act (HIPAA) guarantees patients the right to access their medical records electronically—and it's the right thing for doctors' offices to do in the digital age—but navigating complex federal and state laws on the issue can be dizzying for physician practices.

The AMA is helping physician offices separate fact from fiction with its newly released "Patient Records Electronic Access Playbook" that shepherds physician practices through the legal complexities and operational challenges of giving patients access to their digital health information. Request your copy of the playbook now.

"As technology plays an increasingly important role in collecting and exchanging health data, the AMA believes that providing patients with improved information access and better information privacy are not mutually exclusive goals," said AMA Board Chair Jesse Ehrenfeld, MD, MPH. "Patients deserve both, and the new playbook is an important example of the AMA's commitment to ensuring patients can easily access their personal health information that has been entrusted to physicians."

The playbook is broken into four parts to help practices seamlessly integrate record-sharing with day-to-day operations. It includes a catalogue of educational information and reference resources with practical tips, case scenarios, and best practices for protecting patients' privacy while still empowering patients and their caregivers with convenient electronic access to their complete medical records.

10 key things to know

  • Patients have a right to view or obtain a copy of their medical and billing information.
  • There are limitations to what and how much can be charged for patients' records. Providing access to these records should not be viewed as a revenue-generating opportunity. Electronic access, in particular, should be available for little or no cost. More information can be found in appendix C.
  • Patients are not required to use the patient portal and can obtain copies of their medical information through alternative means.
  • If a patient requests a copy of medical information, have the patient fill out a patient request form. A sample form is included in appendix D.
  • A patient's access cannot be denied because the practice believes that access is not in the patient's best interest.
  • A patient can receive his or her medical records through unencrypted email if warned of the risk of unauthorized access in transit.
  • If a request comes from a third party and it does not appear to be at the patient's direction, then a HIPAA-compliant authorization form is required. A sample authorization form is included in appendix D. If you are unsure whether a third-party request is at the patient's direction or the third party's direction, then we recommend contacting the patient to confirm that the request is at their direction.
  • If a patient would like a copy of their medical record sent to a third party, they have a right to have the practice do so.
  • Your patients may be eager to receive their records for any number of reasons, including needing to schedule additional appointments with specialists. Try to let your patients and their caregivers know when you have received their record request and, if possible, an estimated timeline for when they can expect to receive the records. This type of communication can help to relieve significant anxiety and improve trust and communication between the practice and your patients. It can also help eliminate redundancy and inefficiency while improving patient safety and outcomes. Also consider implementing a system allowing patients to flag emergency requests versus those that are more routine.
  • Remember that many patients are sick and have asked family members or other caregivers to help them access their records. Try to work with these caregivers to provide access in accordance with the patient's wishes. You can always call the patient if you need to double-check about whether to give the caregiver a record.

The "Patient Records Electronic Access Playbook" is the latest in a growing list of resources the AMA provides to help physicians navigate and succeed in the continually evolving health care environment. In 2018, the AMA launched the "Digital Health Implementation Playbook," which offers medical practices guidance on the most efficient path for applying and adopting digital health solutions.

Learn more about the AMA's digital health leadership to ensure the physician perspective is represented in the design, implementation and evaluation of new health care technologies.