Obtaining a properly executed medical authorization is essential to the fulfillment of medical record requests.
Custodians of records, in following Federal law, will deny record requests that fail to follow HIPAA requirements, ensuring the patient consents to his or her protected health information being released to a third party. To prevent your HIPPA authorization from being rejected and delays in record delivery time, always review your authorization to ensure it avoids the top 10 reasons patient medical authorizations are denied.
1. THE RELEASE HAS INCORRECT PATIENT INFORMATION
A medical records release form containing wrong patient information is certain to result in rejection. A provider will deny a request when the patent’s last name has changed (ex: woman changing her name after marriage), dates of birth are inverted, or the patient’s address has changed. Even small mistakes can cause release forms to be rejected.
2. THE RELEASE FORM IS NOT HIPAA COMPLIANT
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that protects patient privacy by preventing the unauthorized disclosure of medical records, which the Act defines as “protected health information” or PHI. The Department of Health and Human Services has a comprehensive question and answer section that covers the essential required elements that must be included in medical records release forms.
3. THE RELEASE FORM IS NOT THE PROVIDER’S
Some medical providers will only disclose PHI if their own HIPAA release form is completed and submitted. Ontellus has a robust Authorization Library for your use. With many years of experience, any time we learn a provider requires their own HIPAA release, it is added to our Authorization Library. Ontellus also has established relationships with providers across the country, and the ability to notify you right away if your release form does not meet the provider’s requirements.
4. THE RELEASE FORM IS EXPIRED
The Privacy Rule requires that an Authorization contain either an expiration date or an expiration that relates to the purpose of the use or disclosure. Submitting an expired medical records release form will result in the provider denying your request. Litigation can span several years in some cases. To ensure your Authorization remains up-to-date, it is recommended to state the Authorization will expire “one year from the date the Authorization is signed,” or “upon the minor’s age of majority.” Any ambiguity in the expiration date, such as “during the life of the claim” can result in rejection.
5. THE RELEASE FORM IS NOT SIGNED AND DATED
Claimants or plaintiffs are typically asked to sign HIPAA Authorizations early in the claims handling process, at their initial meeting or during the client intake process. There are times when getting a signature is overlooked. If an Authorization is missing the patient’s signature, the provider is certain to not comply with the request. Using a record retrieval partner, such as Ontellus, can help identify missing information prior to submitting the request to the provider.
6. THE RELEASE FORM IS MISSING SUPPORTING DOCUMENTS
There are times when additional supporting documents need to accompany the Authorization. For example, if the patient is deceased, the provider may want to see a copy of the death certificate or, if someone has signed on behalf of a minor child, proof of Legal Guardianship may be required for records disclosure.
7. THE RELEASE FORM REQUIRES A POWER OF ATTORNEY
When an Authorization must be signed by an authorized patient representative on the patient’s behalf (ex: in cases of a deceased individual, minor child, incompetent adult), a copy of the document that authorizes the representative to sign the release needs to be provided. This can take the form of a power of attorney, a copy of the letters of authority appointing a personal representative (called an executor or administrator in some states) for an estate or a court decree appointing a guardian for the patient.
8. THE RELEASE FORM IS INCOMPLETE
Failing to include all the required information will result in a denial of your request, creating delays that could have otherwise been avoided. If any information is incomplete, providers will send it back.
9. THE RELEASE FORM DOES NOT IDENTIFY THE TYPE OF INFORMATION TO BE RELEASED AND/OR DOES NOT IDENTIFY THE PARTIES TO WHOM INFORMATION MAY BE DISCLOSED
Authorization also must clearly state the name of the parties with whom medical records can be shared or disclosed. Providers require the name or other specific identification of the person(s), or class of persons, to who the provider may make the requested disclosure. In addition, the specific person(s)/entity must be identified on the Authorization itself. Including a cover sheet or other document stating who should receive the information is often rejected by the provider.
10. THE AUTHORIZATION REQUESTS THE PATIENT’S ENTIRE MEDICAL RECORD OR “ANY AND ALL” RECORDS FROM THE PROVIDER
While an Authorization is valid if it authorizes the provider to disclose an "entire medical record", "complete patient file” or “any and all records,” the provider might find it to not be sufficiently specific and deny the request. Protected health information encompasses a wider range of information than that which is typically understood to be included in the medical record (i.e. mental health records), and individuals are less likely to understand the breadth of information that may be defined as "protected health information."
Have questions surrounding your Authorization? Ontellus is here to help.
GET THE GUIDE
Minimize HIPAA authorization rejections by downloading this guide to keep at your fingertips.
Topics: Custodians, Medical Authorizations
Melanie Pita, Esq.
Melanie Pita is a licensed attorney and industry executive with more than 20 years of experience in the claims and litigation field. As a graduate of both Indiana University Bloomington and Drake University Law School, Melanie has extensive experience resolving significant legal, business and compliance issues in C-Suites, board rooms and courtrooms. Melanie’s wide-ranging expertise includes litigation, insurance defense, claims management, medical malpractice, data privacy and security, HIPAA, SOC, electronic medical records, HITECH, healthcare compliance, contract negotiation, marketing, scrum/agile product development, and project management. Melanie currently serves as Chief Legal Officer for Ontellus, where she leads the in-house legal and product strategy teams.