I need a copy of my medical records from my doctor for various reasons. I called them, and they told me I needed to come in and sign a release form. A release form to release my own records to me? :dubious:
They claim it’s a HIPAA regulation, which it may well be. But it seemed very odd to stand there and fill out a form saying “I, Athena, authorize Dr. TalksALotVeryQuickly to release my medical records to Athena.”
What’s the truth here? Is it truly necessary for them to have a release on file to release my own records to me, or are they playing CYA?
They need to verify you are who you say you are and they need it in writing. Yes, it’s in the HIPAA regs. You should’ve gotten a privacy notice from them at some point with this information in it.
It’s legit. You don’t need to sign a release for your records to be released to you, but you do need to sign a release for your records to be mailed to you.
And, technically, they aren’t your records. They were created by the doctor, as part of his job, for his use in the future. They belong to him.
They are about you, and you have a right to see them & get a copy, and the privacy right not to have anyone except the doctor & assistants to see them. But they are owned by the doctor.
They’re not mailing them. I’m picking them up in person.
And thanks everyone for the info! I know a little bit about HIPAA and how goofy it can be, so I didn’t make a big deal out of it to the doctor’s office, but I did want to know if the request was legit or not.
Yeah I know that they “belong” to the doctor. But there are obviously a lot of laws around them. They don’t belong to him in the sense that he or she could publish them in the local paper, or give them to any random stranger who wants them, or do any number of things with them that a doc could do with, say, a poem he or she created.
I’ve had to pick up my records many times, and I’ve yet to get them without signing a release and showing photo ID. Once or twice, my ID has been photocopied onto the signed release form. Of course, this is at a military clinic, so the copied ID thing may be overkill.
All this does is protect the doctor and you if your records are improperly used. During some HIPAA training or other, we got a story about a patient’s records being stolen from her car. The patient tried to sue but the suit was thrown out of court because there was a signed release form in the original record. Another story from another training (right after HIPAA went into effect, but before anyone knew much about the specifics) involved a private investigator who sent a female confederate to get a copy of the client’s soon-to-be-ex-wife’s records. The doctor’s office gladly complied, but did not obtain a release. The wife sued, but the case was settled out of court.
The point is, releases are a royal pain in the ass, but they’re there for mutual protection.
Even a lot of doctor’s offices misunderstand HIPAA. So they may think they’re doing a necessary thing, while they’re actually not.
For example, if you are my patient, I do not need your permission to get old records from other doctors who have treated you sent to me, unless the records relate to psychiatric, chemical dependency, or HIV treatment.
But to convince some doctor’s offices of that, I’ve had to send my release of records requests on a form which quotes the former Secretary of HHS saying that such a signature is not necessary, along with the references to the particular HIPAA pages affirming that it’s not needed.
Some doctor’s offices just have patients sign everything, whether it’s needed or not, to get around such issues.
Yup, I used to write electronic medical records software, and I had the pleasure of writing the code that figured out just when we could show records created by one doctor to another doctor.
Talk about spaghetti logic. There are so many different restrictions and exceptions, it’s crazy. Plus, of course, the patient has the right to sign forms that say “Qadgop is a jerk and I NEVER EVER EVER want him to see my medical records” which trumps every exception. And then you throw in all the rules for nurses and hospital staff and what happens if the patient is unconscious in the ER… it was a headache.
I don’t know what the HIPAA policies for a doctor’s office, but in the pharmacy (where I work and know the rules) we can only release medication records to the person, or their legal guardian (if under 18). We do not require any sort of signature for this, but we do need to verify you are who you say you are. We can not release records of your spouse, or any children over 18 years of age (even if they were under 18 when the medication was dispensed) unless we have a a signed release form from them… And if we don’t know who you are (i.e. any doubt at all in our mind this isn’t on the up and up) we might require you to get them mailed to you through our privacy office up at corporate.
That is the policy, now we might bend some of the rules for patients who are regulars that we know (calling and giving us permission for your spouse to pickup, etc).