The concern over healthcare data breaches and healthcare data privacy has added to the growing movement toward individual patient control over their own data.
Silicon Valley startup Ciitizen was founded to enable this future by building consumer-friendly tools intended to help patients organize and share their medical records to more easily seek second opinions, enroll in clinical trials and participate in research.
However, one of the major barriers in this effort has been the reticence of providers and other healthcare organizations to release data to patients, even though in many cases they are legally obligated to.
A 2018 study from Yale University researchers found that many of the 83 top-ranked U.S. hospitals were not compliant with federal and state regulations guiding the data formats available to be released to patients and how quickly data requests should be processed.
Other barriers to patient access of data include cost of release fees which far outstrip federal recommendations and inconsistency in the scope of data able to be requested by patients.
In response to this issue, Ciitizen has launched a new Patient Record Scorecard meant to rate specific providers on how they responded to patient requests to healthcare records.
The ratings are based on efforts by Ciitzen users who have requested that their data be digitally sent to Ciitzen and providers are scored on a one to five star scale based on whether response to data requests fit with HIPAA regulations and OCR’s Right of Access guidance.
Bonus stars were also awarded to providers who went beyond the HIPAA requirements for data sharing. For example by accepting external request forms or providing patient records at no charge. Full methodology can be seen here.
Currently 51 providers across nine states are listed in the company’s scorecard database. Organizations that have garnered five stars under Ciitizen’s rating system include Boca Raton Regional Hospital in Florida, Central Park Hematology and Oncology in New York and the Mayo Clinic’s Arizona Campus.
On the other end of the spectrum were providers like Memorial Sloan Kettering Cancer Center in New York, Northwestern Memorial Hospital in Illinois and Stanford Health Care in California.
The name-and-shame strategy is taken out of the playbook of the healthcare quality movement, which Ciitizen claims has moved the needle in helping to improve measurement and reporting standards by providers nationwide.
Alongside the scorecard, the startup also conducted a phone survey of more than 3000 healthcare organizations which found that more than 50 percent of healthcare providers are out of compliance with the HIPAA right of access.
Ciitizen’s Chief Regulatory Officer Deven McGraw, who previously served as Deputy Director for Health Information Privacy at the HHS Office for Civil Rights, wrote in a post that the scorecard was meant to improve compliance across the industry.
“We recognize that providers may be unhappy about their potential noncompliance with HIPAA being under the spotlight,” McGraw wrote.
“But because all providers routinely profess to be HIPAA compliant?-?and we are confident that all of them want to be?-?we believe the spotlight, while it may initially feel harsh, will help raise the bar for compliance with the HIPAA Right of Access.”
Picture: phototechno, Getty Images