Understandably, patient and consumer rights groups want individuals able to access their medical information as soon as possible so they can act on it swiftly, while healthcare providers want more time to gather data and make it available to patients. Providers fear they'll be forced to rush complex data to patients before it's complete, accurate, and secure.
On the provider end of the battlefield is the American Hospital Association, which says 36 hours is not enough time to provide discharged patients with information about their hospital stay. The proposed CMS requirement is technically "unfeasible" and riddled with potential conflicts with current HIPAA privacy and security regulations, says the AHA. The AHA has requested CMS to modify its proposed rule and give hospitals 30 days to make information available to patients upon discharge.
The AHA says it's not possible for hospitals to gather and deliver the proposed patient information within 36 hours. That information includes:
--Admittance and discharge date and location.
--Reason for hospitalization.
--Names of care providers during hospitalization.
--Problem list maintained by the hospital on the patient, verified to be up-to-date.
--Relevant past diagnoses known by the hospital.
--Medication list maintained by the hospital on the patient, both current admission and historical, and verified to be up-to-date.
--Medication allergy list maintained by the hospital on the patient, both current admission and historical, and verified to be up-to-date.
--Vital signs at discharge.
--Laboratory test results that are available at time of discharge.
--Care transition summary and plan for next care provider for transitions other than home.
-- Discharge instructions for patient.
-- Demographics maintained by hospital on gender, race, ethnicity, date of birth, preferred language, and smoking status.
In addition, the CMS proposal requires all of this information to be available for patients to: 1) view online; 2) download, in both a "human readable form" and coded to the specific vocabulary, document, and other standards adopted by the Office of National Coordinator for Health IT; and 3) request that the hospital transmit it to them.
"Thirty days are necessary to make determinations about how to respond to a request no matter the format of the protected health information," said the AHA in its comments to CMS.
"While providing an electronic copy of protected health information maintained in an e-health record eventually may be facilitated more easily by technology, the process of determining which records are relevant and appropriate takes the same amount of time as it does for evaluating paper records," wrote the AHA.