Nothing sets off my fuse than a clinic refusing to send me my data so I can get it to another doctor for another opinion, ESPECIALLY around cost / prognosis (well, they don't "refuse", they just delay for so long). So, so glad to hear this.
> Individuals’ Right under HIPAA to Access their Health Information 45 CFR § 164.524
> Timeliness in Providing Access
> In providing access to the individual, a covered entity must provide access to the PHI requested, in whole, or in part (if certain access may be denied as explained below), no later than 30 calendar days from receiving the individual’s request. See 45 CFR 164.524(b)(2). The 30 calendar days is an outer limit and covered entities are encouraged to respond as soon as possible. Indeed, a covered entity may have the capacity to provide individuals with almost instantaneous or very prompt electronic access to the PHI requested through personal health records, web portals, or similar electronic means. Further, individuals may reasonably expect a covered entity to be able to respond in a much faster timeframe when the covered entity is using health information technology in its day to day operations.
> If a covered entity is unable to provide access within 30 calendar days -- for example, where the information is archived offsite and not readily accessible -- the covered entity may extend the time by no more than an additional 30 days. To extend the time, the covered entity must, within the initial 30 days, inform the individual in writing of the reasons for the delay and the date by which the covered entity will provide access. Only one extension is permitted per access request.
One of my kids' doctors left their practice, and we followed them to the new. The old practice sent us a letter stating patients were not permitted to do so, and they refused to provide records citing a non-compete. (I had more than one sweary phone call with them over this.)
HIPAA has no private right to civil action in these scenarios, so we had to involve the state, and that process took about six months. It's definitely not fast; we were happily in the scenario where the records weren't time critical.
Im not in a position to produce the section reference right now but the regulation discussed in the comments, 45 CFR, requires providers are able to transfer medical records from the old practice to the new practice.
Their issue wasn’t with the regulation not existing, they knew full well. The problem is that if they refuse, then what? You have no power as an individual to force them to do it.
And as the parent comment said, you have to involve the state and it takes 6 months.
The practice was doing something both wrong and blatantly illegal that impacted my child's continuity of care. That's well worth going to the effort to get them smacked.
> Reminder #5 – How IB actors make EHI available for access, exchange, and use can and will vary based on who the IB actor is, their technological sophistication, and who it is that is seeking to access, exchange or use an IB actor’s EHI.
> The information blocking regulations do not require IB actors to adopt or use certain technologies or platforms. IB actors may use “patient portals,” other web interfaces, application programming interfaces (APIs), and a multitude of technologies and platforms to make EHI available for access, exchange, or use. The information blocking regulations focus on practices that are likely to interfere with, prevent, or materially discourage access, exchange, or use of EHI. For example, while the information blocking regulations don’t prescribe specific technologies, how IB actors design, implement, use, or limit technologies in relation to the access, exchange, or use of EHI could implicate the information blocking regulations.
This is the part I had to go looking for. I've been in this space for just a bit now, and I can tell you that like most of American healthcare, it's a shitshow. Get ready to develop an app against your doctor's EHR API if they don't expose this via a patient portal.
I don't think the docs are too happy about giving you access to "their" work product, AKA your health data. And to some extent I sort of see where they're coming from - if they were photographers, they'd actually hold copyrights over images they take of you.
But the goals here are at least laudable and there is some rather glacial advancement.
Is this always the case for photographers? If they are employed by a business and the pictures are taken for pay, wouldntthe company own them? Can you specify the same in a contract with a freelance photographer?
I don't really know all the legal ins and outs, but you are the artist of the pictures you take and you own the copyright. I'm sure you can work as an employee and you can always sell the copyright along with the work. It used to be back in the day that photos were taken on film, so photographers could retain the film and sell you prints or just give you the film so you could make whatever you wanted. I've mostly been out of the loop since those days, so I'm not sure what the conventions are like these days.
The most interesting legal questions around this recently are regarding monkeys or other animals who take selfies, and whether they can own those works.
