HCI HealthCare Collections
HCI HealthCare Receivables Management

Client Login  |  Payment


Timely Responses to Patient Requests for Medical Records Aren’t Optional

It is a good rule of thumb to consider anything important if an enforcement arm of the federal government points something out 16 times. For healthcare providers, that means paying close attention to instances where patients request copies of their medical records. Because the Department of Health & Human Services Office of Civil Rights certainly is paying attention when providers aren’t.

Under the Health Insurance Portability and Accountability Act (HIPAA), providers are required to respond to requests from individuals for copies of their medical records in a timely fashion. Those requests are to be responded to within 30 days of the provider receiving such a request.

Sixteen times now — in the past 16 months — a healthcare provider has been fined for not providing access to medical records in a timely fashion. Most recently, a healthcare provider in California was fined $70,000 - [https://www.hhs.gov/about/news/2021/02/12/ocr-settles-sixteenth-investigation-in-hipaa-right-of-access-initiative.html] -for failing to provide timely access to medical records after two patients filed complaints.

The information that patients can request under HIPAA includes more than just medical records. Patients can ask for financial information as well, including payments, claims adjudication, and billing records. All this information must be at the fingertips of healthcare providers so they can respond within the 30-day window and avoid becoming the 17th company to reach a settlement with the Office of Civil Rights.

This area of HIPAA is important to the Department of Health and Human Services even under the new administration in the White House. Two of the most recent right-of-access settlements have occurred since President Biden took office. While the department is still waiting for the Senate to confirm President Biden’s pick to run HHS, it appears that this will continue to be an important area of focus moving forward. Last year, the OCR said it would “vigorously enforce” the rights of patients to maintain control of their medical records, and they are making good on that promise.

For any company involved in the healthcare industry, making sure they are on top of record requests and working with partners to make sure they have the information they need to comply with any requests. The Department of Health & Human Services will continue to spotlight companies that choose not to comply with requests from patients for their medical records. For the providers, the cases brought by HHS are black-and-white and are tough to argue against.

« back to blog

RSS Feed


HCI Fast Facts

  • In business since 1992
  • Only serve healthcare providers
  • Meet HIPAA and PCI DSS compliance standards
  • All employees are trained and certified on their knowledge of the FDCPA, FCRA, TCPA, HIPAA and the emerging CFPB rules
  • Secure client portal
  • Secure patient portal
  • Long-term client relationships
  • Low employee turnover

one of only 70 PPMS Certified collection agencies

PPMS Certified

PPMS is a management system for recovery agencies based upon developing, implementing and adhering to a set of strict industry-specific professional practices and policies.

PPMS certification, much like a SAS-70 audit, requires independent CPA attestation that an agency has in place written policies, procedures, and work processes that ensure regulatory compliance and adherence to industry best practices. The agency must also demonstrate that it has procedures in place to identify and remediate any variance from these. PPMS certified agencies are subject to annual surveillance and must re-certify every five years.

An agency that has voluntarily undergone the PPMS application and certification process is, quite simply, a better business partner than one which has not. This rigorous process results in:

  • Greater productivity/better recoveries
  • Increased efficiency for better customer service
  • Improved data security and physical security
  • Improved solutions to compliance issues
  • Enhanced disaster recovery
  • More effectively trained staff
  • Continuous measurement of client satisfaction
  • Faster resolution of client services issues
  • Company-wide commitment to quality assurance
  • Documented procedures for consistent performance

This strict accreditation insures that you as HCI clients, receive the very best service.

"Clients come to us when good isn't good enough. They demand the best. We love it and wouldn't have it any other way."
— Christian Lehr, VP/COO

HCI is a proud member of the following associations:
HCI Associations Recovery and Medical Associations Recovery and Medical Associations