No MUwithoutMe: Here’s What Happened When I Requested My Medical Records

NayerAs an innovator, restless entrepreneur, and national award winner for consumer engagement, I was intrigued with the stories I was reading about accessing the patient portal for data, basically the looking glass into “my data.” For those who are not familiar with health data, here’s a quick history.

As part of the Great Transformation in health care, HHS, CMS, and ONC (which is the Office of the National Coordinator for Health Information Technology), and others regularly update rules on health data, privacy, HIPAA and meaningful use. Meaningful use—otherwise known as MU—is a term that describes how the stakeholders, starting with the patient, provider (doc, hospital, etc.) and plan can and should be using the data, because it provides historical and patient-centric context. Meaningful use as a measure of quality improvement was launched to describe the kinds of health IT [HIT] improvements that would be developed over the course of several years.

Meaningful use was launched with 3 stages. The first, MU1, was the wider use of electronic health records in physician, hospital, and care providers’ offices and systems. Instead of the ages-old paper documentation, the electronic health records were to be used for the recording of all health care delivery to patients, thereby speeding the entry and the sharing of info between care providers and the patient.

As you may expect, this is not an easy process. In fact, recent surveys have shown that over the past 3 years the numbers of physicians who are on EMRs (Electronic Medical Records, or EHRs, Electronic Health Records–the terms are used interchangeably) has risen, spurred on by the incentives offered by HHS to update the technology. As of August 2014, over 78% of physicians in offices and 60% of hospitals had installed the necessary EMRs with reporting functions as described for MU1. In order to receive the incentives, physicians and hospitals have to report their progress and use; these are called attestations, which are made public, and the incentives paid to the physicians and health systems are made public, too.

You may have seen email blasts, Healthcare.Gov messages, and even signs in hospitals and local newspapers as the new technology went “live.” As a part of the installations, a patient portal was to be created. This electronic gateway–think of it as going online to your hospital and getting access to your health records–was intended to engage patients in taking more responsibilities for their health. With #engagement, patients could review their records, make any changes to certain sections, request appointments and send emails to the providers. All of these proficiencies would be staged in—they are not required to be added all at once.

For reference, I went to an in-network but out-of-my-region health system for a consult a couple of years ago. The signs were everywhere: they had an electronic health record and I could get my lab results and what they meant for my health, get directions from my doctor for follow up care, and make appointments. This is a leading, nationally known health center.

Now, the notices are out for my in-network hospital’s patient portal. My physician and my husband’s 3 physicians are all part of this hospital system and therefore on the same technology platform, created by one of the top 5 IT vendors and for which this hospital has won awards as an early adopter of the HIT.

I set off to experience and chronicle the process. It’s one thing to know the law, learn others’ stories, and write. It’s quite another to try it out for one’s self. But if I’m going to promote it (since the early 2000s, I’ve been writing and speaking on this subject), and promote paying more for systems and physicians that share data with their patients as the equal partner in care, then I have to step up, too.

What I Expected Was A User Experience Such as I Had in the Previous Health System’s Portal

Remember that I went to the other system 2 years earlier. I came home, turned on my computer, and followed the steps. I received an identifier code in the email that took me to a secure site where I registered–much like one does when opening a bank account or brokerage account online.

Here in my hometown system, the health system said I had to show up in person. So I tweeted to the system and asked, “Why? This makes it hard for elderly and for snowbirds to get their data.”

Three days later I received a personal email from the IT department, with a name and phone number just in case I needed it. The message: my system wants to take extra precaution in the privacy and security of my data. I wrote back with thanks, and asked more questions, including the story of the other hospital.

Then, I was referred to the wonderful woman who heads up the questions on the patient portal. She called me, I asked the questions, and was told the Legal Audit department had made the ruling that patients must bring identification to get their secure login in order to protect identities.

The following is the abridged version of the FB post that called a few of my friends to the growing problem. The reason I called the few that you see here is that we were all on a call the previous day to begin strategy for the #NoMUwithoutMe” campaign–a campaign to get one million folks to ask for their records thru provider portals and tell their story by July 4, 2015. Obviously, I had to get moving. As the founder of the Center of Health Engagement, I have a responsibility to lead the charge of people linking to their health data and managing their health better. Data Drives Decisions, after all.+

The FB Posts Clarify Some of the Broader Issues

The FB post that started the discussion:

I just talked to the patient portal person. I have to go to admitting. For security. My friend [who has a life-threatening illness] can get his records by going to the offsite printed paper place.

“But Cyndy, you don’t get your whole record…you get your labs and some demographic info (address, etc)”

[then I called out a few friends]
Casey Quinlan E-Patient Dave deBronkart Danny Sands Danny Long David Harlow

I had asked about how the snowbirds get their records when they have gone north. My friend has serious COPD (breathing issues) and his doctor just moved to a new health system. Neither he nor his doctor has the medical records–obviously he’s quite upset, as this is life-or-death for him.

Seeing no other way around it, I drove to admitting and asked to see the person from the phone call. She welcomed me, asked for my drivers’ license, and presented it to the man behind the desk at the computer. He pulled up my medical record, grabbed a printed card with “how to register for the patient portal” steps on it, and wrote my private medical record number on it. Question: what if the card blew away in the parking lot? Surely this was not a good rendition of “security”?

The lovely lady asked if I had any other questions, and then I was referred to the Legal Audit person in Administration. She would call, but she’s out of the office on the day that I sent the message.

The Comments Grew Hotter

Some FB friends asked: Did you call the Office of Civil Rights (OCR) hotline?

You can submit a written complaint online to OCR and also contact your regional office if you care to http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html

Another comment: Why do we continually have to beg for what is OURS?

Pat Elliott My hospital system patient portal is only used by some of the providers. My oncology records aren’t in there, they give me hard copies at each visit. If I write to the patient portal IT guy I can get him to send oncology records via email within the portal but the ongoing data from visits to both hospitals is not integrated in any way. The records, just like my healthcare, are fragmented and siloed. If I’m in an accident and taken to the ER unconscious I doubt that the ER staff will root through the emails for info. The two hospitals I use are 20 miles apart but none of the physicians work together. Thanks for the info on how to file a complaint. Am tired of emails, ads and slick brochures trying to sell me on the portal, it’s time for some action.

The most distressing thing, in my mind, is that my institution probably gets credit for having a Portal that i accessed and viewed!

3) A HIPAA compliant portal implemented using Epic that provides a free but delayed and limited view of your record and test results. The portal does eventually communicate messages back to the provider but there is a disconcerting intermediary “Hi I am Bob. I got your message and will pass it on to your doctor.” Bob who? Why are you reading my message to my doc? Do you work for UMich? Are you even in Michigan? Or the USA? But eventually “Bob” who ever he is does send the message along and a few days later I usually get a reply.

4) Go to an offsite location and pay $1.25/page for a paper copy which should be complete but may be voluminous.

You can see the incentives that were paid to each provider at this website.  http://www.cms.gov/…/EHRIncentivePr…/DataAndReports.html

B. Rather than play a lot of lengthy bureaucratic games, I create a paper trail … I find some people who have the power to give me what I want. I send a letter that I can prove that they received, fax or certified mail. I indicate what I want. I ask for their assistance in helping me accomplish it. If my problem is not solved within a week or two, I go to someone with power over the first person who can solve the problem, I give them my information. I ask for their suggestions. Eventually, I go to a board member if I have to do so. I am always very polite and straightforward. I ask for their suggestions. I do what they suggest. I set it up so that I can prove that I followed their suggestions.

C. If you have to take further action, you have the evidence. You can prove that you tried. You can show you were professional. You tried to play the game according to their rules. You asked them what you needed to do to get the records, you did it, you still didn’t get the records…

In Summary

You now have a real-time synopsis of the events and the posts in getting my health data. It’s not the first time I’ve run into roadblocks.

I did call the legal-audit person, who provided some sketchy details. One of the things she told me was that they were only going back 3 years, and that they were not including patients that had left their physician practices (that would be my friend).  As you might imagine, that leaves a big hole for medical records and snowbirds to fill.  It also leaves a big hole here in my town because physicians seem to change affiliations about every 3 years.

There is a growing movement to request the health data by each of us—this is #NoMUwithoutME, meaning, there can’t be meaningful use without each of us actively participating.  There is a Twitter account @GetMyHealthData and website where you can tell your story.  Plus, there is access on my website for your stories.

We need to document these snafus and help our health systems and providers step forward to the 21st century. I am quite hopeful that our combined voices can push the doors open and we can all go through the patient portal that belongs to each of us. We must get the value of our hard-earned tax dollars as we transform the health system to produce better health outcomes.

Cindy Nayer is Director of the Center for Health Engagement.

Categories: Uncategorized

2 replies »

  1. I dont think you are ever going to get records easily. Too many trade secrets. Methods used in lab are proprietary. Instruments used are special sometimes.. Algorithms used to weigh risks are often owned and copyrighted . Also, the records will never be the whole truth because the owners can and do change the data. Eg ER nurse is using EPIC and free texts the words “I had to use this drug ——- because the Pixis machine was out of the drug that was recommended by our algorithm for treating pulmonary emboli, and I could not find the doctor.” Later, the nurse found that this portion of the record was removed. Naturally, no hospital ER director is going to allow this to remain.

    Also, mental health records can not be in medical records by
    law in most states and there are scads of quasi-mental health notes accompanying hard medical science notes: Eg “doc, my blood pressure is going crazy because I think my wife thinks I have an STD acquired by intercourse with another woman.”
    Is this a mental health note or not?

    In old days, paper notes could have remarks changed by running a pen mark thru the words but these words could not be removed and they had to be readable. The changes had to be dated and signed. Now, with HIT, we can actually cut and trashed. Not good.

    Question: will you even want cleaned-up, partially-false records?

  2. HIT is so bogus. But it is good to know your insurance plan can navigate this system to determine that whatever expensive procedure, equipment, or drug you require is NOT medically necessary therefore payment is denied. It is just good knowing my health records are so valuable that if I knew what was in them, someone would probably have to kill me. Now I need to answer my ringing shoe phone. Hello Chief…… Meanwhile I can shuffle the stocks in my 401K Plan and move money between banks and bank accounts, pay bills, and order netflix. Yep HIT is bogus.