How to handle law enforcement patient record requests

law enforcement patient record requests

How to handle law enforcement patient record requests

In addition to requests for patient information from patients, other providers, or insurance companies, your practice may need to respond to law enforcement patient record information requests 

Isn’t patient privacy protected by law?

Yes, back in 1996, the Health Insurance Portability and Accountability Act (HIPAA) was introduced to protect patients’ privacy. However, additional legislation allows medical providers to release patient information for law enforcement or intelligence purposes.

However, there are limited circumstances in which law enforcement can request patient medical records. For example, the HIPAA rules allow for disclosure if:

  • Law enforcement needs the information to identify or locate a suspect, fugitive, or witness
  • A crime has been committed on the premises
  • There is a medical emergency in connection with a crime

Additionally, law enforcement can request patient records under the Patriot Act for investigations to protect against terrorism.

What do I need to do to comply with HIPAA and law enforcement patient record requests?

Legally, you need to respond to law enforcement patient record requests within a certain amount of time – which varies by state. However, you can streamline your process.

If you have a staff member who responds to requests for patient information, they could be spending hours every day locating, copying, and mailing patient records. Even if they process enough requests to cover their salary, manual processing is still costing you money as your staff could spend their time on more productive tasks.

How can I reduce the burden this places on my practice?

Consider ePaper Road. ePaper Road is part of the Ferndale Road suite of practice management software that helps you streamline many of the administrative tasks needed to keep your practice running smoothly.

ePaper Road is an automated system that processes patient record requests. Your staff simply provides a link for the law enforcement officer to make their request and upload any required documentation. After a verification process, ePaper Road accesses your records through a secure VPN or cloud connection, process the request and arrange for the documents to be sent to law enforcement officer by FedEx, secure fax, or download.

Do I have to notify the patient?

You are required to let your patients know that you may release their records to law enforcement officers. Many practices include this disclosure on the patient records release forms or other HIPAA related documents for patients.

However, neither HIPAA or the Patriot Act requires you to let a patient know that you have responded to a law enforcement request for their medical records. In fact, if the information is requested under the Patriot Act, you’re not permitted to notify the patient.

To remain compliant, make sure that your patient record release form includes a sentence disclosing that your office will respond to law enforcement information requests appropriately. Then, save your practice time and money on patient record request processing by signing up for ePaper Road.