As patient engagement gains momentum, and technology enables easier access to personal health information, many providers still charge money for copies of records. That's allowed under HIPAA and HITECH. But is it wise?  

At the recent AHIMA convention in Atlanta, Kim Murphy-Abdouch, clinical assistant professor at Texas State University, said it might be time to rethink policies and procedures related to patient access that may be holdovers from a paper-based way of thinking.

Even as "patients are becoming much more aware of their own healthcare, and much more savvy" about managing their health data, "cost could be a barrier to patient access," said Murphy-Abdouch.

Especially, she said, it's important to make a distinction between who is requesting to get ahold of this data – the patients themselves, or third parties such as payers and lawyers?

While it may be perfectly defensible to charge the latter for access, she said, it goes against the spirit of meaningful use to place cost burdens on patients who are seeking to be better engaged in their care.

As it stands today, "what organizations charge patients for their healthcare information is all over the board," said Murphy-Abdouch. "There's a lack of consistency in what patients are charged – from free, to hundreds of dollars."

Under HIPAA, of course, patients have a right to see and obtain their medical records. And the law allows that providers can charge a "reasonable, cost-based fee" for providing either paper or electronic copies of patient records.

And effective this past Sept. 23, patients also have a right to request their information in an electronic form.

As Murphy-Abdouch pointed out, "the fees that can be charged cannot be any greater than the actual cost of labor and supplies to provide the information."

When considering the difference between the labor and supplies needed to print out reams of paper records, and the process of supplying the information online, that would suggest a different cost calculus is needed.

Not only is it the right thing to do to comply with HIPAA and HITECH, she said, but it's the right way to help improve health outcomes by driving engagement.

"As we transition to electronic health records, existing health information management policies and practices must be evaluated to ensure patients are supported in their efforts to access and manage their own information."

Most state laws dictating what can be charged for data "were enacted to set a cap on what attorneys would be charged to access patient records," she said.

When it comes to patients, though, things are different. "Under meaningful use, there's more and more of a push to get that patient engagement."

As such, there should be a different approach for "patients, versus people who use (health data) for their business."

Clearly, the access landscape is changing, if slowly.

Murphy-Abdouch pointed to a survey conducted by the AHIMA Foundation and Texas State University that polled providers on their IT infrastructure and the habits of their patients.

Some 38 percent of providers said they have a patient portal in place, but "that's probably up to 40 by now," she said.

When asked what percentage of patients actually use the technology, however, more than 40 percent of respondents said fewer than 5 percent of patients log in.

When asked what percent of patients ask for electronic copies of their data, more than 85 percent of providers said fewer than 5 percent.

The good news is that "I think next year these numbers might look quite different," said Murphy-Abdouch. "But for now, patients are not accessing the portals very much, and not requesting their records be provided electronically."

Even when they do ask, those patients are often slapped with fees. More than 52 percent of providers charge for electronic copies, she said. And "the fees were all over the place: flat fees from less than $10, up to $50; per-page fees ranging from five cents to $5."

But those costs may be based on old ways of doing things, she said.  

"If you're preparing something electronically the per-page charge doesn't seem as relevant as per-page for a paper copy."

Indeed, "nearly one in four members surveyed indicated that they charge a rate for copies that would appear to be inconsistent with HIPAA and HITECH," said Murphy-Abdouch.

By those laws, a "reasonable, cost-based fee" would based on factors such as the cost of the labor to put together the information, the cost of the device you would put it on or the cost of the actual copy, if i's being provided in paper form.

For electronic access, "each organization would have to calculate their own reasonable, cost-based fee," she said. That would depend on the labor costs of getting the information. A provider could charge for the cost of a flash-drive or CD. If it's necessary to mail the electronic device, you could charge for the the postage, or for courier charges.

"But it has to be uniquely related to the actual cost of providing the information to the patient," said Murphy-Abdouch. "HIPAA and HITECH are very clear. You can't charge for infrastructure associated with providing the information"

In this newly-wired environment, it's important, of course, that policies, procedures and work processes are in compliance with HIPAA and HITECH" when it comes to charging for access, she said.

But the larger goal should probably be to comply with the spirit of meaningful use – looking for ways to increase access, rather than putting up roadblocks.

"There's a lot of misunderstanding on the parts of patients," she said. "We have a real opportunity to be advocates for patients. t's their information. we should be facilitating that engagement. People need to take responsibility for managing their health. We need to not place a barrier, in terms of cost."

Sure, it costs money to offer access – especially for the majority of providers who use third-party vendors to help with release of information. But it can also be a cost-saver in the long run.

"As a former CEO, I don't want to put up a barrier," said Murphy-Abdouch. "If my patients are better informed, they're less likely to be readmitted."

When it comes to insurance companies and lawyers, "you charge them all you want," she said. "Charge them the maximum rate. Because they're going to use that information to make money. But patient should be viewed with a different lens than other third parties requesting PHI."