COC
How does DataFile handle the transferring of medical records for the
purpose of Continuity of Care (COC)?
When a transfer of medical records related to Continuity of Care is required, there is
much speculation and debate regarding the appropriate volume of records to be sent. In
an attempt to avoid contentious situations while providing efficient services to all clinics,
DataFile has implemented the following policy when processing COC medical records
requests:
Brief Background
Individuals familiar with HIPAA regulations frequently raise arguments under the assumption that
there is universal agreement as to the applicability of state and federal regulatory language which
governs minimum necessity rules and compliance with a request for medical records. As a result of the
inconsistency of the interpretation of these regulations, DataFile believes the following approach should
be regarded as “best practices”.
As a company built on efficiency, compliance, and satisfactory product fulfillment DataFile Technologies works to understand the objective of each request. We then utilize the most secure and
efficient processes to allow the transfer of information to the intended destination. The difficulties
facing practices, providers, and companies such as DataFile are explained in the following example:
Kathy moves across four states in order to be closer to her son. Kathy goes to a new provider
and signs a release authorization, checking the box “all medical records” to request that her
medical records be transferred from her previous provider. In her case, “all medical records”
includes 280 pages of records. Kathy’s new provider does not desire, require, nor is obligated
to receive and take ownership of the entire medical record. The provider is now faced with a
common problem, which is the subject of many blogs, forums, and articles. The problem being
that the receiving provider must now accept the burden of determining what information to
keep and what to discard. This unnecessary inundation of medical records can clutter a
practice’s fax inbox, delay workflows, and adversely affect the care provided to patients.
COC 1 of 4
COC
While DataFile’s stated goal is to attempt to understand the objective of each medical record request, it
would be prohibitively inefficient to our streamlined process of information exchange to apply meticulous
analysis regarding the intent of every medical record request. This would be analogous to a car manufacturer
taking it upon themselves while in the process of building a vehicle to call the eventual owner and discuss
which radio stations they would prefer be preset on the radio.
Our Policy
Roughly four years ago, DataFile implemented a policy which has proven extremely valuable and unquestionably effective. This policy included the deployment of an internal definition of “minimum necessity”
as it relates to COC request. The protocols used to determine which records to send in order to fulfill a
medical records requests are dependent on a number of variables. These variables include, but are not
limited to
• Our client’s interest
• Patient age
• Patient condition
• Size of the medical record
• Clinic EMR product
• The specialty of the provider
However, the biggest factor determining the success of the DataFile approach to handling COC requests
is our ability to remain compliant with HIPAA regulations while notifying the receiving party of the professional discretion which we have applied to their records request. Below is a copy of the notice which is
provided with every COC request to which we have “limited the upload”.
COC 2 of 4
COC
As a result of this pragmatic and logically applied policy, we have received many positive responses from
providers. Frequently, providers admit to us that they have begun emulating the process of providing only
the most recent medical records, accompanied by a similar notification letter, when processing COC
requests.
The above letter is attached to roughly 200 records per day. Of those 200 records, we receive minimal
responses per month seeking the transfer of further information. The rarity of this occurrence is nowhere
near frequent enough for DataFile to reconsider our approach. It is with even greater infrequency that we
receive complaints from requesters regarding our process, this occurring roughly once every few months.
HIPAA Compliance
Here at DataFile we are often presented with questions regarding the HIPAA compliance of not sending the
entirety of medical records in response to an appropriately executed request. The above letter clearly states
to the requestor that more information is available. HIPAA federal (along with most states) regulation mandates that an entity comply with a request or attempt to contact the requestor within thirty days. DataFile
operates under a tight twenty-four hour turnaround of records standard, thus notification occurs with great
expedience. As long as there is not a stated refusal to release more information, no violation or unwillingness
to comply has occurred. A final real world example of this policy in practice illustrates the point effectively.
DataFile acquired a new client practicing a specialty that housed color images as part of their Designated Record Set. In the onboarding of this client the knowledge, location, and details regarding these
images was lost in the mutual excitement surrounding implementation. As a result of this breakdown
in communication, DataFile fulfilled the practice’s release of information requests for roughly nine
months without supplying the color images. After nine months and hundreds of requests, a situation
arose in which it was discovered that these images were not being sent. In conjunction with our client,
we determined that these images must not be needed on the vast majority of records requests because
no one had asked for them. After a thorough study of our client’s needs and the needs of their associates, DataFile adopted a policy of producing these time consuming and costly images only when
specifically requested. The surveyed providers and practices preferred to avoid the unnecessary burden
of scanning the images into their EMR and managing the records. In order to maintain compliance,
DataFile consistently makes requesters aware that the images are available for transfer upon
request and can be processed within twenty-four hours.
COC 3 of 4
COC
Our Mission
Please keep in mind, this “carpe diem” approach carries with it the goals of eliminating inefficiencies and
preventing the waste of resources. This approach is in no way designed to compromise individual patient care
or other critical information which is communicated via medical records. We fully understand what is
required of us by HIPAA regulation and will fulfill all medical records requests in the most efficient and satisfactory manner possible. Experience has taught us that less than one percent of records request actually
require the full medical record. It is because of this statistic that we believe it is more intelligent to build a
system which prioritizes the need of the requester over the volume of the record.
Call 816.437.9134 or Visit DataFileTechnologies.com to Learn More
COC 4 of 4