Q: What is the record access process?
A: You have the right under federal law (HIPAA) to get copies of all of your health records. Ciitizen helps you leverage this right by submitting your health records requests to your health care providers – and by educating providers about HIPAA compliance if necessary to help get these requests fulfilled.
Q: How quickly will I get my records?
A: HIPAA requires that providers send records to patients within 30 days of receiving the request except in a few select cases. Individual cases will vary on how quickly records will arrive. After a request is made, we follow-up and urge providers to get them to us as soon as possible. In rare cases, providers won’t send records in a timely fashion. After 45 days and multiple follow-up communications we will stop trying to collect these records and share next steps on how you can approach getting these records into your profile.
Q: How far back can you get my health records?
A: Ciitizen will ask for records going back to the date of your disease diagnosis. Health care providers do not have to keep your records indefinitely – and how long they are required to keep them varies by state law. In general, we have found it difficult to get records that are older than 10 years and, in some cases, providers may destroy them earlier than that.
Q: Why do I need to provide my signature?
A: The HIPAA right to copies of your records is YOUR right – so requests for your records need to come from you. We place your signature on a form letter we send to request your records. We only use your signature to sign records request letters, and these letters are ONLY sent to your medical providers.
Q: Why do I need to provide a clear (not blurry) copy of my photo ID?
A: Your medical requests are submitted to your medical providers by fax or by email – so the provider needs some way to prove identity, and that you authorized the request letters to be sent. A clear copy of your photo ID is a way to remotely show that you are making the request.
Q: Why does my signature and my signature on my ID need to match?
A: Your medical provider needs some assurance that it is you who authorized the request for records. They will look for a decent match between your signature and the signature on the ID in order to prove identity and make sure that the request for records is coming from you.
Q: My provider has contacted me directly about my request – what should I do?
A: Many providers, as a matter of company policy, will contact a patient about a records request just to confirm that the patient submitted the request. If your provider contacts you to confirm that you want your records to be sent to Ciitizen, you should confirm that you want your records sent to Ciitizen, unless you have changed your mind. (After all, it is YOUR right to your records that Ciitizen is helping you to exercise—so it is not surprising that providers may want to make sure that you authorized the records request.) However, if the provider calls and wants to send your records directly to you instead of Ciitizen – or if they call to tell you they won’t honor the request, or if they send you a bill for the records, or push back in any way – please contact us at firstname.lastname@example.org so we can help successfully resolve this.
Q: Will my records be complete?
A: Your right under HIPAA is to ALL of your health records maintained by your healthcare provider, and the request to your provider states this clearly. We review your records when they come in to make sure they contain information that is customary for a patient with your health history – however, we cannot know for sure whether your provider has sent us all of the health record information that they have about you. Please check your records and let us know if you think something is missing.
Q: What if a provider is refusing to honor a records request or is charging too much for the records?
A: On occasions, providers refuse to comply with the HIPAA right of access by refusing to send records or by charging too high a fee. This could happen for a variety of reasons, but we are seeing higher compliance. For example, see Ciitizen’s Patient Record Scorecard. We escalate your requests to higher level officials at the provider in order to do all that we can to make sure your provider complies with HIPAA – but we don’t have the power to enforce the law against them. If we are unable to get one of your providers to comply with HIPAA after 45 days, we will cease following up on that record and let you know next steps on how you can pursue it with your provider directly. It’s possible in some cases that the records may need to be sent to you first – and then to us for population in your Ciitizen account; if that’s the case, we will provide you with assistance, including covering any costs involved in getting these records to you and then on to us. We can also advise you about how to file a complaint with federal regulators if you want to do that.
Q: I have received a bill from my provider for the records Ciitizen requested. What should I do next?
A: Ciitizen uses the HIPAA right for individuals to be able to get copies of their health information in order to populate your Ciitizen account. Because this is your right of access, and the requests are submitted on your behalf, occasionally a health care provider may send you a bill for your records. (HIPAA places limits on what fees can be charged to patients – and many providers give patients copies of their records for free; however, the law does permit a reasonable, cost-based fee to be charged.) Please promptly send the bill to email@example.com so we can make sure it is compliant with HIPAA and then Ciitizen will pay the bill on your behalf. Your Ciitizen profile is free for your use, and Ciitizen pays any HIPAA-compliant fees related to the release of your records from a provider.
Q: Will the records sent to Ciitizen per my request include sensitive information?
A: Your HIPAA rights extend to all information in the health record except for notes from psychotherapy sessions that are kept separate from other health records (which is not all mental health information – just the notes of a psychotherapy provider during a psychotherapy session, frequently maintained separately from other health records). However, state laws often require additional consent before sensitive information like HIV test results, mental health or genetic information can be released, even to the patient. As a result, when you put in your health records requests as part of onboarding to Ciitizen, you will need to specify whether you are comfortable with having this sensitive information shared with Ciitizen. Once this information is in your profile, you have the right to decide whether or not to share any of your health record information with any third parties. If you have any questions, please reach out to firstname.lastname@example.org.
Q: I want to make sure the information in my Ciitizen profile is current – do I have to submit a new request every time I go back to my medical provider?
A: To check the status of a pending records request or request an update to your existing records, sign in to your Ciitizen profile, select the provider you would like to view to see the status, and then, if you’ve been to that provider recently, you can choose “Yes, update my records” to request a records update.
Q: I signed up on the ciitizen.com website, where’s my invite?
A: We are inviting beta users off of our waitlist in waves to ensure we can provide the best support to our users, so there may be a delay. We greatly appreciate your patience. If you have any questions, feel free to reach out to email@example.com.