The Patient Record Scorecard

A deep analysis showing how medical record providers comply with the HIPAA Right of Access based on patient requests.

Scorecard reflects responses to patient requests for access from 2/10/19 – 2/13/20. Scoring is ongoing.
Contact us about your institution’s score.

Columns: Health Institution, Score, Reported As Of

Score legend:

  • Non-HIPAA compliant
  • HIPAA compliant - Substantial intervention
  • HIPAA compliant - Minimal intervention
  • HIPAA compliant - Seamless process
  • HIPAA compliant - Patient focused

University of Utah Hospital 50 N Medical Drive, Salt Lake City, UT

2/13/20

University of Utah School of Medicine 30 N. 1900 E, Salt Lake City, UT

2/13/20

University of Vermont Medical Center 111 Colchester Ave, Burlington, VT

2/13/20

University of Virginia Health System 1215 Lee St, Charlottesville, VA

2/13/20

UNM Comprehensive Cancer Center 1201 Camino de Salud, Albuquerque, NM

2/13/20

UPMC Magee-Womens Hospital 300 Halket Street, Pittsburgh, PA

2/13/20

UPMC Montefiore 3459 Fifth Avenue, Pittsburgh, PA

2/13/20

UPMC Pinnacle: Lancaster and Lititz PO Box 8700, Harrisburg, PA

2/13/20

UPMC Presbyterian HIM DEPT: 450 Melwood Avenue - Lower Level, Pittsburgh, PA

2/13/20

UPMC Shadyside 5230 Centre Avenue, Pittsburgh, PA

2/13/20

US Dermatology Partners/Southwest Skin Specialists 11130 North Tatum Boulevard, Suite 100, Phoenix, AZ

2/13/20

USF Health 13330 USF Laurel Drive, MDC 33, Tampa, FL

2/13/20

UT Health Tyler 1000 S Beckham Ave, Tyler, TX

2/13/20

UTMB Health John Sealy Hospital, Galveston 301 8th Street, Galveston, TX

2/13/20

UW Cancer Center at ProHealth Care N16 W24131 Riverwood Drive, Waukesha, WI

2/13/20

UW Health and Clinics 8501 Excelsior Drive, Madison, WI

2/13/20

UW Health University Hospital 8501 Excelsior Drive, Madison, WI

2/13/20

UW Medical Center 1959 NE Pacific St, Seattle, WA

2/13/20

Valley Area Medical Pavilion 267 Fob James Drive, Valley, AL

2/13/20

Valley Internal Medical Associates 1 Medical Park, Valley, AL

2/13/20

Valley Medical Center 400 South 43rd Street, Renton, WA

2/13/20

Valley View Medical Center 5330 South Highway 95, Fort Mohave, AZ

2/13/20

Vanderbilt University Medical Center 1211 Medical Center Dr, Nashville, TN

2/13/20

Vassar Brothers Medical Center 45 Reade Pl, Poughkeepsie, NY

2/13/20

Verde Valley Medical Center 269 S Candy Ln, Cottonwood, AZ

2/13/20

Veterans Association Palo Alto Healthcare 3801 Miranda Avenue, Palo Alto, CA

2/13/20

Virginia Breast Care PLC 595 Peter Jefferson Pkwy, Charlottesville, VA

2/13/20

Virginia Cancer Specialists – Arlington 1635 N George Mason Drive, Arlington, VA

2/13/20

Virginia Commonwealth University (VCU) Medical Center 57 N 11th Street, Richmond, VA

2/13/20

Virginia G Piper Honor Health: Deer Valley 19646 N 27th Avenue, Phoenix, AZ

2/13/20

Virginia G. Piper Cancer Care Network North Scottsdale 21803 N Scottsdale Rd #110, Scottsdale, AZ

2/13/20

Virginia Mason Hospital and Seattle Medical Center 1100 9th Ave, Seattle, WA

2/13/20

Virginia Oncology Associates 5900 Lake Wright Drive, Norfolk, VA

2/13/20

Virginia Oncology Associates: J. Christopher Paschold, M.D., FACP 500 Sentara Circle, Suite 203, Williamsburg, VA

2/13/20

Virginia Urology 9101 Stony Point Drive, Richmond, VA

2/13/20

Volm Cancer Center – Aspirus Langlade Hospital 501 Aurora Street, Antigo, WI

2/13/20

Wadley Regional Medical Center 1000 Pine Street, Texarkana, TX

2/13/20

Washington Hospital Healthcare System 2000 Mowry Ave, Fremont, CA

2/13/20

Washington Regional Medical Center 3215 N Northhills Blvd, Fayetteville, AR

2/13/20

Waterbury Hospital 64 Robbins St, Waterbury, CT

2/13/20

Wellstar Kennestone Hospital 677 Church St, Marietta, GA

2/13/20

West Dermatology 1457 Ford St #105, Redlands, CA

2/13/20

Western Arizona Regional Medical Center 2735 Silver Creek Road, Bullhead City, AZ

2/13/20

Westmed Medical Group – All Locations 2700 Westchester Avenue, 2nd Floor, Purchase, NY

2/13/20

White Plains Hospital 41 E Post Rd, White Plains, NY

2/13/20

Wilcox Memorial Hospital 3-3420 Kuhio Hwy., Lihue, HI

2/13/20

Will Rogers Health Center 1020 Lenape Drive, Nowata, OK

2/13/20

Willamette Valley Cancer Institute – All locations 520 Country Club Road, Eugene, OR

2/13/20

Willis Knighton Pierremont Health Center 8001 Youree Drive, Shreveport, LA

2/13/20

Winchester Medical Center 1840 Amherst St, Winchester, VA

2/13/20

The Patient Record Scorecard Methodology

The Patient Record Scorecard grades health care providers on how well they comply with a patient’s request, under the HIPAA Privacy Rule, to get copies of their medical records. Although there are a number of state laws that set a higher bar for patient access to records, only compliance with the HIPAA Privacy Rule was evaluated.

The score, between 1 and 5 stars, is based on the response of health care providers to one or more actual records requests submitted by patients (the patients request that their information be sent to their Ciitizen personal health record accounts). Ciitizen helps these patients by following up with each provider to make sure the patients’ requests get fulfilled.

The goal of the Patient Record Scorecard is to encourage and guide every health care provider to ultimately reach and maintain five stars.

How we reach the score

The star ratings are based on compliance with four key components of the HIPAA Right of Access:

Accepts requests by email or fax: Providers may not create a barrier to access by requiring patients to submit requests in person or by mail. (45 CFR 164.524(b)(1), https://www.hhs.gov/hipaa/for-professionals/faq/2036/can-an-individual-through-the-hipaa-right/index.html)

Sent in format requested: The provider sends the records in the format the patient requests, which is digital (including by email) for text and CD for images. (45 CFR 164.524(c)(2)(ii), https://www.hhs.gov/hipaa/for-professionals/faq/2060/do-individuals-have-the-right-under-hipaa-to-have/index.html)

Sent within 30 days*: The provider responds to the request within 30 days of receipt. (45 CFR 164.524(b)(2)(i))

*Providers can get credit for meeting the “within 30 days” component if within 30 days they provide a written statement of reasons for the delay and the date by which the records will be provided, and if the records are received within 60 days of receipt.

No unreasonable fees: Providers may only charge reasonable, cost-based (i.e., minimal) fees to cover labor costs of copying and supplies. (45 CFR 164.524(c)(4))

Star Ratings

One-Star - Non-HIPAA compliant

Providers get one star for accepting an access request from a patient by fax or e-mail. This means the provider at least has a HIPAA-compliant process in place for accepting patient record requests (for example, the patient is not asked to mail in a request or make the request in person).

Two-Stars - HIPAA compliant Substantial intervention

A provider earns two stars if:

  • They meet all four of the HIPAA-compliant components
  • The request had to be escalated more than once to a supervisor or the provider’s privacy official to ensure it was fulfilled in compliance with HIPAA. The need for intervention puts undue burden on the patient.

Three-Stars - HIPAA compliant with minimal intervention

A provider earns three stars if:

  • They meet all four of the HIPAA-compliant components
  • The request required only one escalation to a supervisor or chief privacy officer, to educate them and bring to their attention that staff were not meeting HIPAA requirements.

Four-Stars - HIPAA compliant with seamless process

A provider earns four stars if:

  • They meet all of the HIPAA-compliant components
  • The request was processed seamlessly (i.e., without the need for any additional escalations to supervisors or privacy officials).

Five-Stars - HIPAA compliant and patient focused

Providers who earn five stars go above and beyond to put patients first by doing the following:

  • Send records in five days or less
  • Accept external request forms (i.e., not requiring that patients use a specific form)
  • Provide patients their records for free

For those health care providers where more than one request was submitted, the score reflects the provider’s performance based on the most recent records request. The Scorecard will be revised every three to six months to include new entries and updated scores from existing providers.