OCR Clears Up Confusion About the Charging of Flat Fees for Copies of PHI
Earlier this year the Office for Civil Rights issued guidance for healthcare providers and health plans on the general right of patients to obtain copies of their protected health information on request.
The HIPAA Privacy Rule allows patients to obtain one or more designated record sets which a covered entity holds and maintains. By obtaining copies of their PHI, patients can take control of their own healthcare and well-being.
Providing copies of PHI to patients involves a cost to the covered entity, such as the time taken to obtain and copy records and prepare summaries, the cost of paper and printing if record sets are supplied in physical form, the cost of media devices for electronic copies of PHI, and the cost of mailing records to patients if they are not collected in person.
Covered entities are permitted to charge patients for providing copies of their PHI, which was explained in the OCR guidance; however, based on the questions submitted by covered entities there appeared to be some confusion over allowable charges, in particular regarding the charging of flat rate fees to patients. Today, OCR has updated the Frequently Asked Questions on its website to address this confusion.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
In the guidance, OCR explained that covered entities are permitted to charge patients the actual cost of providing PHI, or calculate average costs for labor plus postage, paper, CD, or USB drive costs, or charge patients a flat fee for supplying electronic PHI.
In the case of the latter, OCR previously advised covered entities that the maximum flat fee that can be charged is $6.50. The $6.50 fee must include all labor costs, the cost of reproduction, and the cost of postage.
Some covered entities took this to mean that $6.50 is the maximum fee that can be charged for providing copies of PHI to patients, which is not the case. The maximum fee of $6.50 applies only if covered entities opt to charge patients a flat fee rather than calculating average costs or passing on actual costs.
OCR also points out that if a covered entity has chosen to use the average cost method of calculating fees and an unusual request is made that the covered entity had not previously included when calculating the fee structure, covered entities may charge the patient the actual costs of honoring the request.
However, if such situations arise, the patient must still be advised in advance what the approximate costs will be for honoring the request. The fees charged must also be reasonable and only include charges permitted under the Privacy Rule.
The amendment to the guidance can be viewed on this link.
