Healthcare Information Security

HIPAA and Compliance News

AHIMA: Patient Data Access Through Patient Portals Increases

Secure messaging, requesting appointments, and requesting medication refills were top reasons for patient data access, AHIMA research found.

patient portals aid patient data access process

Source: Thinkstock

By Elizabeth Snell

- Eighty-two percent of consumers took advantage of patient data access through a patient portal in 2016, an increase from less than 5 percent who did so in 2013, according to a study from the American Health Information Management Association (AHIMA).

Of reported portal users, 82 percent said they used it for viewing lab results, requesting medication refills, requesting appointments, and secure messaging.

“Although we have seen a dramatic improvement in patient engagement with their PHI, there is always room for improvement,” AHIMA interim CEO Pamela Lane, MS, RHIA, said in a statement. “Health information management professionals have an obligation to continue to assist patients and others in accessing and maintaining their own personal health record.”

Thirty-eight percent of respondents who used patient portals said that they were satisfied, while 53 percent stated they were very satisfied.

Respondents said the ease of use for making appointments and easy access to information when seeing multiple providers, when traveling, or just when they wanted to view the information were advantages to patient data access.

READ MORE: How HIPAA Regulations Apply to Key Patient Data Access Situations

“It seems over the years that getting access to one’s own health information is getting easier to do through technology,” according to one surveyed individual.

Another participant added that patient portals would likely be the preferred method of accessing such information in the future.

Patient data security concerns were also noted as potential drawbacks, along with the time and difficulty of accessing health records.

“Lack of interoperability between systems and my PCP [primary care provider] still on paper charts creates an inefficient and hard to access system of record,” one respondent noted.

“It seems to be a challenge getting information from other sources added to the patient portal. (i.e., Military, other providers),” another individual stated.

READ MORE: Ensuring Security, Access to Protected Health Information (PHI)

Fewer customers are being charged for copies of their own health information, the survey also showed. Sixty-five percent of consumers were charged for copies of their personal health information when they were requested, while 10 percent said they were charged in 2016.

The HIPAA Privacy Rule allows covered entities and business associates to charge a fee, and states that organizations can calculate their own price.

“Charging a flat fee not to exceed $6.50 per request is therefore an option available to entities that do not want to go through the process of calculating actual or average allowable costs for requests for electronic copies of PHI maintained electronically,” HHS explains in a FAQ on its website.

Organizations can estimate the average allowable cost for processing patient requests or maintain a schedule for typical allowable labor costs.

“Increased portal use is to be expected as eligible providers seek to meet the requirements of the Centers for Medicare and Medicaid Services’ Meaningful Use Stage 3 incentive program,” researchers explained. “Stage 1 objectives included providing electronic copies of health information and electronic prescriptions when permissible.”

READ MORE: Staying HIPAA Compliant in Patient Health Data Access Process

Stage 2 states providers must use secure messaging, the research team continued, and that providers need to give consumers the ability to view, download, and transmit their health information.

“Cost reductions are to be expected as more facilities move to EHR systems, whereby the cost of providing consumers with copies of their medical records is reduced,” the researchers wrote. “Also, as consumers become more aware of the HITECH requirements, they will scrutinize provisioning charges for record copies.”

The survey also showed that less than half of consumers said they maintained a personal health record in either paper or electronic form. Thirty-five percent said they use of paper records, 18 percent said they preferred electronic records and 46 percent reported they utilized both formats.

The potential back and forth between paper and electronic records was listed as a possible drawback to patient data access.

“My physician prefers paper records and reluctantly moved to electronic records and a patient portal,” one respondent said. “For the first year, there was no information available on the portal. Only after I asked did he release information about an office visit.”

Another surveyed consumer stated that a universal health record, perhaps a scannable card, would help the care process.

“Right now, my family physician has to call my other doctors for information on my medical records, and vice versa,” the individual explained.  

Overall, EHR availability and patient portal availability have increased with the implementation of the HITECH Act, researchers said. This has helped fuel individuals seeking personal patient data access in electronic form. Therefore, it is essential for HIM professionals to continue helping patients in accessing and understanding their own health data.

Citing a recent Federal Trade Commission report’s recommendations, the research team added that entities will also need to consider connected devices and implement best practices that consider data security.

“For many in HIM, the recommendations will sound familiar—train employees in security, make sure external service providers focus on security, and employ controls that prevent unauthorized users from accessing consumer information on devices and networks,” researchers concluded. “As more consumers access their personal health information electronically, privacy and security concerns will become paramount for HIM professionals.” 


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...