Michigan's Medical Records Access Act
The Michigan Medical Records Access Act, which became law on
April 1, 2004, is an attempt to formalize some issues regarding copying
and providing medical records to patients and their legal guardians.
For years, medical records custodians had been basically on their own
to develop policies for when medical records would be produced and to
whom, as well as what could be charged for the copying and the
administrative burden inherent in locating and copying the chart,
especially where the record is older, meaning it is maintained off-site
or in the custody of a record-keeping company. The impetus for the new
law was HIPAA and its myriad provisions. Since HIPAA allows for a state
to pre-empt its provisions with protections that are more strict, the
Michigan legislature decided to set out explicitly patients’
protections and rights.
First, the provisions of the law. The provisions do
not apply to mental health treatment records, which includes
records from mental health clinics and facilities, as well as records
kept by mental health professionals. The rules for those records remain
the same. Namely, MCL §330.1748 and 1750 define the limits of
confidentiality and privilege and producing records to patients, and
MCL §330.1946 covers duty to warn. There are no provisions
regarding copying charges, meaning that the old rule applies, which
means that a "reasonable" charge may be assessed. Considering that this
new statute for non-mental health records sets out what the legislature
deemed to be reasonable, a facility would be safe charging what the
statute sets forth, even though the statute does not actually apply to
this type of records. If a facility wants to charge more than what the
statute provides, it may due so for mental health records as long as
the charge is "reasonable," which should never be more than the actual
cost of copying the records. Otherwise, the patient could assert that
the facility, by charging an excessive amount, was constructively
denying him access to his records.
Who May Access The Medical Records?
For non-mental health records, the provisions address a
patient’s and a patient’s "authorized representative’s ability to
access the patient’s medical records. The term "patient" is defined to
include the patient, as well as the patient’s legal guardian, and, if
the patient is a minor, the patient’s parents,
unless the minor had the ability to consent for the
underlying medical care without parental consent.
In Michigan, there are five areas of medical care for which
a minor may receive care and give consent without the need for consent
from the parents; these are:
In these instances, the minor is the one who has the ability
to access the records and make disclosure decisions. This provision is
a good example of the legislature codifying what had been the generally
accepted unwritten rule regarding these types of records.
Additionally, a patient’s "authorized representative" may
access the patient’s medical records. The statute defines an
"authorized representative" as:
A person with "explicit written authorization" to act
on the patient’s behalf in regard to medical records.
If the patient has died, then the Personal
Representative, the "heirs at law," or the beneficiary of the person’s
life insurance policy.
Time Parameters For Producing The Records
A patient (or authorized representative) may have access to
his medical records by providing a written request that has been signed
and dated within 60 days of the request. The keeper of the medical
record then has 30 days to respond to the request, or 60 days if the
record is kept off-site. (The keeper can also get a 30-day extension if
needed.) The response must be one of the following:
Make the record available for inspection and/or
copying at the provider’s or facility’s location, or provide a copy.
If the record is being stored by a contracting
company, then the record must be retrieved and be made available as in
1., at the provider’s or facility’s location – not at the contracting
company’s location.
Tell the patient that the record either does not exist
or cannot be found.
Tell the patient that they do not possess the record
and provide the patient with the possessor’s name and address.
If the provider or facility determines disclosure
would like have "an adverse effect" on the patient, then the provider
or facility must provide a clear statement to the patient and must
provide the record, if requested, to another provider or facility as
requested by the patient.
If the provider or facility has records or information
obtained "under a confidentiality agreement," then access may be denied
along with a written denial.
The recordkeeper must take reasonable steps to verify the
requesting person’s identity; but may not ask the purpose for the
request. (Note how this contrasts with the rules regarding mental
health records where the release must state the purpose for which the
records are being disclosed.) The statute provides merely that
"reasonable" steps must be taken to verify the person’s identity, which
means that each facility can do what it deems to be best, considering
its responsibilities as well as the logistics of the situation. Each
facility will have to decide on its own policy, such as whether a
driver’s license or other photo ID will be required, or whether to set
up a rebuttable presumption that any otherwise credible request will be
honored unless there is some indication of forgery or concern about the
signer. It is imperative that, regardless of the policy set, that the
facility implements it consistently to avoid problems.
Faxed or Mailed Requests
Recordkeepers have often grappled with the issue of faxed
releases. This statute codifies what had been the unwritten duty of a
medical records custodian to ensure that the release is valid or more
accurately, validly signed. Now, that duty is explicit, which one can
infer makes it more important than it had been previously. Thus, a
records custodian will need to be very careful with faxed, and even
mailed, releases. A custodian may well be justified in requiring a
person to provide some sort of additional proof of identity, whether in
person or when the request comes in the mail.
Copying Charges
The law sets out specific fees that a recordkeeper may
charge to copy a record. In general, these are:
An initial $20.00 fee per request
$1.00 per page for the first 20 pages
$0.50 per page for pages 21 through 50
$0.20 per page after that
Any postage or shipping costs actually incurred
If the records are in some form other than paper (i.e.,
digital or microfilm), or if the records are more than 7 years old and
kept off-site, then the keeper may charge the actual cost of copying
the record. To the extent that the actual cost exceeds the costs set
out in the law, the keeper should be prepared to present documentation
in case the matter is taken to court.
The statute further provides that a recordkeeper shall
waive the fees for a medically indigent patient, and the recordkeeper
is allowed to request proof that the person is receiving some sort of
governmental assistance. Such an indigent person is entitled to only
one copy of his record. To the extent that more is requested, then the
recordkeeper may charge the appropriate fees.
Use of Third-Party Record Storage
Many health care providers and facilities use
records-keeping companies to store older records, and have let those
companies handle medical record copying – basically passing the buck to
them when records are requested. Now, the facilities can no longer pass
the buck, as they are still responsible. When records are kept
off-site, an extra 30 days is provided for the response and copying. To
the extent that a patient wants to inspect the actual record, the
facility or provider has to produce the record at their business; the
statute does not allow them to force the patient to go to the off-site
facility or that company’s business.
In general, these third-party storage companies charge
copying fees higher than those set by the statute. The facility or
provider will want to ensure that the third-party will not come back to
it looking for reimbursement for the costs not allowed by the statute.
Charts Containing Confidential Information or Where
Information May Be Detrimental To the Patient.
Note that the new statute provides that the facility or
provider MAY deny access to any information kept confidential
by an agreement. The use of the permissive "may" implies that the
information does not have to be kept confidential. Obviously, to the
extent that there is a confidentiality agreement, then that information
has to be kept confidential. This statute merely codifies that the
facility or provider’s agreement with the person providing the
information will overrule a patient’s right to see the entire chart.
This is a good provision, as it will encourage providers to
put all information regarding the patient in the chart. Before this
law, this information would likely not be put in the chart for fear
that the patient would see it and react, either by hurting himself or
someone else. Now, that information can be safely included in the
chart, where other providers will have access to it, should such a need
require.
Closely related to this is the provision allowing records to
be withheld if disclosure is likely "to have an adverse effect on the
patient." This is a new provision for general medical records, which
had been a staple in terms of mental health records until the provision
was essentially repealed when the Michigan Mental Health Code was
overhauled in 1996. The usual scope of this type of a provision is to
cover risks to the patient and others; here, the statutes
specifically provides the ground only if that risk it to the patient.
This provision would most likely involve issues where the
patient is receiving mental health treatment. As has been set out
above, this new statute does not apply to mental health records and,
the Michigan Mental Health Code has removed that provision as it
pertains to mental health records where the patient is an adult and
without a guardian. It is difficult to imagine scenarios where this
provision will apply.
The bigger question is whether this provision requires the
facility or provider to examine every requested chart to see if there
is any reason to withhold disclosure. The statute’s language does not
explicitly state that every chart has to be reviewed, but the
implication is there. Providers and facilities are going to want to set
up policies regarding how this will be handled, or specific charts that
will require some sort of sign-off by the provider.
