The Patient Record Scorecard

A deep analysis showing how medical record providers comply with the HIPAA Right of Access based on patient requests.
The Scorecard reflects responses to patient requests for access between 2/10/2019 and 7/2/2019.
Contact us about your institution’s score.

Columns: Health Institution, Score, Location

Score key:

  • Non-HIPAA compliant
  • HIPAA compliant, substantial intervention
  • HIPAA compliant, minimal intervention
  • HIPAA compliant, seamless process
  • HIPAA compliant, patient focused

Baptist Hospital of Miami (Baptist Health South Florida) 8900 North Kendall Drive, Miami, FL

Miami, FL

Billings Clinic (Mayo Clinic Care Network) 801 North 29th St, Billings, MT

Billings, MT

Boca Raton Regional Hospital (Baptist Health South Florida) 800 Meadows Road, Boca Raton, FL

Boca Raton, FL

California Pacific Medical Center – California Campus (Sutter Health) 2333 Buchanan Street, San Francisco, CA

San Francisco, CA

Cascade Family Medical Center 2134 Eureka Way, Redding, CA

Redding, CA

Central Park Hematology and Oncology 12 East 86th St, New York, NY

New York, NY

City of Hope Duarte Cancer Center 1500 E Duarte Rd, Duarte, CA

Duarte, CA

CPMC Imaging (Sutter Health) 1375 Sutter St, San Francisco, CA

San Francisco, CA

Dr. Alysan Goldfarb 1185 Park Ave # 1A, New York, NY

New York, NY

Eastside Radiation Oncology 61 E 77th St, New York, NY

New York, NY

Evanston Hospital (NorthShore University Health System) 2650 Ridge Ave, Evanston, IL

Evanston, IL

Froedtert Hospital (Froedtert and Medical College of Wisconsin) 9200 West Wisconsin Avenue, Milwaukee, WI

Milwaukee, WI

Hemant D Patel MD 2333 Mowry Ave # 200, Fremont, CA

Fremont, CA

Illinois Bone & Joint Institute 9000 Waukegan Road, Suite 200, Morton Grove, IL

Morton Grove, IL

Los Alamitos Medical Center 3751 Katella Ave, Los Alamitos, CA

Los Alamitos, CA

Marietta OB/GYN Affiliates 699 Church St #220, Marietta, GA

Marietta, GA

Mayo Clinic – Arizona (Mayo Clinic) 5777 E. Mayo Blvd., Phoenix, AZ

Phoenix, AZ

Mayo Clinic – Minnesota (Mayo Clinic) 200 First Street SW, Rochester, MN

Rochester, MN

Memorial Sloan Kettering Cancer Center 1275 York Ave, New York, NY

New York, NY

Mercy Medical Center – Redding (CommonSpirit Health) 2175 Rosaline Ave, Redding, CA

Redding, CA

Mission Hospital (St. Joseph Health) 27700 Medical Center Rd., Mission Viejo, CA

Mission Viejo, CA

Montefiore Hospital (Montefiore Health System) 111 East 210th Street, Bronx, NY

Bronx, NY

North Valley Breast Clinic (Dignity Health) 1335 Buenaventura Blvd, Redding, CA

Redding, CA

Northwest Community Hospital (Northwest Community Healthcare) 800 W Central Rd, Arlington Heights, IL

Arlington Heights, IL

Northwestern Memorial Hospital (Northwestern Medicine) 251 E Huron St, Chicago, IL

Chicago, IL

OBGYN Partners for Health (Stanford Healthcare) 365 Hawthorne Avenue #301, Oakland, CA

Oakland, CA

One Medical 3885 24th Street, San Francisco, CA

San Francisco, CA

Palo Alto Medical Foundation – Dublin City Center (Sutter Health) 4050 Dublin Blvd., Dublin, CA

Dublin, CA

Palo Alto Medical Foundation – Fremont Center (Sutter Health) 3200 Kearney Street, Fremont, CA

Fremont, CA

Patients’ Hospital of Redding 2900 Eureka Way, Redding, CA

Redding, CA

Providence Saint John’s Health Center (Providence Health & Services) 2121 Santa Monica Blvd, Santa Monica, CA

Santa Monica, CA

Rush University Medical Center 1611 W Harris, L1, Suite 001, Chicago, IL

Chicago, IL

Scott Kramer MD 2333 Mowry Ave., Suite 201, Fremont, CA

Fremont, CA

Scripps Green Hospital (Scripps Health) 10666 N Torrey Pines Road, La Jolla, CA

La Jolla, CA

Scripps Memorial Hospital Encinitas (Scripps Health) 354 Santa Fe Drive, Encinitas, CA

Encinitas, CA

Shasta Regional Medical Center 1100 Butte Street, Redding, CA

Redding, CA

South Miami Hospital (Baptist Health South Florida) 6200 SW 73rd Street, Miami, FL

Miami, FL

Stanford Health Care 300 Pasteur Dr, Palo Alto, CA

Palo Alto, CA

Tri-City Medical Center 4002 Vista Way, Oceanside, CA

Oceanside, CA

UChicago Medicine (University of Chicago Medicine) 5841 S Maryland Ave, Chicago, IL

Chicago, IL

UCSF Benioff Children’s Hospital San Francisco (UCSF Medical Center) 1975 4th St, San Francisco, CA

San Francisco, CA

UCSF Center for Reproductive Health (UCSF Medical Center) 499 Illinois Street, San Francisco, CA

San Francisco, CA

UCSF Gynecology (UCSF Medical Center) 2356 Sutter Street, San Francisco, CA

San Francisco, CA

UCSF Helen Diller Comprehensive Cancer Center (UCSF Medical Center) 1600 Divisadero Street, 3rd Floor, San Francisco, CA

San Francisco, CA

UCSF Medical Center – Mission Bay (UCSF Medical Center) 1825 Fourth St., San Francisco, CA

San Francisco, CA

UCSF Medical Center – Mount Zion (UCSF Medical Center) 1600 Divisadero St, San Francisco, CA

San Francisco, CA

UCSF Medical Center – Parnassus (UCSF Medical Center) 505 Parnassus Ave, San Francisco, CA

San Francisco, CA

University Diagnostic Medical Imaging 1200 Waters Place, Bronx, NY

Bronx, NY

University of Colorado Hospital 12605 E 16th Ave, Aurora, CO

Aurora, CO

Washington Hospital Healthcare System 2000 Mowry Ave, Fremont, CA

Fremont, CA

WellStar Kennestone Women’s Imaging Center (WellStar Health System) 677 Church St, Marietta, GA

Marietta, GA

The Patient Record Scorecard Methodology

The Patient Record Scorecard grades health care providers on how well they comply with a patient’s request, under the HIPAA Privacy Rule, to get copies of their medical records. Although there are a number of state laws that set a higher bar for patient access to records, only compliance with the HIPAA Privacy Rule was evaluated.

The score – between 1 and 5 stars – is based on the response of health care providers to one or more actual records requests submitted by patients (the patients request that their information be sent directly to Ciitizen in order to be populated into their Ciitizen personal record accounts). Ciitizen supports these requests by following up with each provider to make sure they get fulfilled.

The goal of the Patient Record Scorecard is to encourage and guide every health care provider to ultimately reach and maintain five stars. 

How we reach the score

The star ratings are based on compliance with four key components of the HIPAA Right of Access:

Accepts requests by email or fax: Providers may not create a barrier to access by requiring patients to submit requests in person or by mail. (45 CFR 164.524(b)(1), https://www.hhs.gov/hipaa/for-professionals/faq/2036/can-an-individual-through-the-hipaa-right/index.html)

Sent in format requested to the patient’s designated recipient: The provider sends the records in the format the patient requests (digital form by email for text, CD for images) and sends them to the third party designated by the patient. (45 CFR 164.524(c)(2)(ii) & (c)(3)(ii), https://www.hhs.gov/hipaa/for-professionals/faq/2036/can-an-individual-through-the-hipaa-right/index.html)

Sent within 30 days*: The provider responds to the request within 30 days of receipt. (45 CFR 164.524(b)(2)(i))

*Providers can get credit for meeting the “within 30 days” component if, within 30 days, they provide a written statement of the reasons for the delay and the date by which the records will be provided, and if the records are received within 60 days of receipt of the request.

No unreasonable fees: Providers may only charge reasonable, cost-based (i.e., minimal) fees to cover labor costs of copying and supplies. (45 CFR 164.524(c)(4))

Star Ratings

One-Star - Non-HIPAA compliant

Providers get one star for accepting an access request from a patient by fax or e-mail. This means the provider at least has a HIPAA-compliant process in place for accepting patient record requests (for example, the patient is not asked to mail in a request or make the request in person).

Two-Stars - HIPAA compliant with substantial intervention

A provider earns two stars if they:

  • Meet all four of the HIPAA compliant components
  • Needed the request escalated more than once to a supervisor or the provider’s privacy official to ensure it was fulfilled in compliance with HIPAA. The need for intervention puts undue burden on the patient.

Three-Stars - HIPAA compliant with minimal intervention

A provider earns three stars if they:

  • Meet all four of the HIPAA compliant components
  • Required only one escalation of the request to a supervisor or chief privacy officer to educate them, and bring to their attention, that staff were not meeting HIPAA requirements.

Four-Stars - HIPAA compliant with seamless process

A provider earns four stars if they:

  • Meet all of the HIPAA-compliant components
  • Processed the request seamlessly (i.e., without the need for any additional escalations to supervisors or privacy officials).

Five-Stars - HIPAA compliant and patient focused

Providers who earn five stars go above and beyond to put patients first by doing the following:

  • Send records in five days or less
  • Accept external request forms (i.e., not requiring that patients use a specific form)
  • Provide patients their records for free

For those health care providers where more than one request was submitted, the score reflects the provider’s performance based on the most recent records request. The Scorecard will be revised every three to six months to include new entries and updated scores from existing providers.