Posts Tagged ‘HIPAA’


HIPAA Loophole–Are law firms “covered entities”?

Monday, October 17th, 2011

Recently, a Baltimore medical malpractice law firm lost a portable drive that contained medical records for 161 stent patients, patient names, addresses, dates of birth, social security numbers and insurance information.  It appears as though the law firm represented a cardiologist being sued for alleged malpractice.

According to a Baltimore Sun article, the portable hard drive was “taken home nightly as a security precaution in case of fire or flood…though the portable information was not encrypted–among the most stringent security precautions that is standard practice for health professionals dealing with medical records.”

The law firm employee lost the hard drive while traveling on the Baltimore light rail.  She returned for it within 10 minutes but it was already gone.

HIPAA & Covered Entities

The protection of patient information is regulated by HIPAA, which applies to “covered entities”.  Under HIPAA, a “covered entity” is defined as being:

  • a health care provider that conducts certain transactions in electronic form (called here a “covered health care provider”)
  • a health care clearinghouse
  • a health plan

Here’s the legal question: Should law firms be included in the definition of covered entities?


(Disclaimer: This post is not intended as legal advice nor does it create an attorney-client relationship.)


~At Matthews Law Firm, P.A., we practice health law~

Patient Access to Medical Records

Tuesday, April 19th, 2011

In Florida and under HIPAA, a patient is entitled to have access to his or her medical records.  Sounds easy enough, right?  It can be.  But for some patients, gaining access to their medical records can take some time.  For example, some medical offices require the request to be in writing.  Some offices even have a specific request form to use.

Typically, a health care provider has 30 days to respond to a patient’s request for records.  Under certain conditions, the provider can get an extension.  For example, some records may be kept off-site and they may require additional time to secure the records.  However, in most instances, a health care provider must furnish the records within 60-90 days of the request.

Will you be charged for a copy of your records?  Probably.  Health care providers are allowed to charge for the copy fees.  Under Florida law, most doctors are allowed to charge $1 for the first page and up to 25 cents for each additional page.  For example, 100 pages of records would cost $25.75.  {First page = $1.00 + (99 pages x .25).  $1.00 + $24.75 = $25.75}  Note: The maximum copy fees for hospitals and various types of doctors may be different.

Is a health care provider allowed to deny a patient’s request for medical records?  Yes, but only under limited circumstances.  Also, if a provider is denying access to records, they must give notice in writing, explaining why access was denied.

For more information on access to medical records in Florida, go here.

(As always, the content in this blog is not legal advice.  If you are having issues obtaining your medical records, please contact an attorney.  Depending on the health care provider or type of doctor, different strategies may apply.)