Take our Salary Survey for a chance to win prizes! | Take the Survey

Ciox Health Sues to Trim HIPAA

Ciox Health Sues to Trim HIPAA

Ciox Health, a national healthcare technology company that helps physicians and facilities with medical records requests, is suing to stop the agency from enforcing parts of HIPAA limiting the amount providers can charge for medical records.

Ciox: HHS Violated HIPAA

In its lawsuit, Ciox claims the Department of Health and Human Affairs’ (HHS) approach “imposes tremendous financial and regulatory burdens on healthcare providers and threatens to upend the medical-records industry that services them”, Fierce Healthcare  reports.  The company said in its complaint that it supports the basic tenets of HIPAA and patient access to medical records, but two elements of HIPAA enforcement are particular barriers.

  • A 2013 final rule requiring providers to transmit health records to a designated individual and include any medical information electronically, regardless if it came from a paper or electronic source.
  • HHS guidance in 2016 that requires all records requests – including those made by law firms and payers – to limit charges to a “reasonable cost fee.” HHS said the covered entity could charge a fee based on actual labor costs, average labor costs, or for a flat fee of $6.50.

Ciox argues the directions departed from HITECH Act limiting the amount covered entities could charge individuals but put no restriction on third parties. The company feels the $6.50 fee is unrealistic. Ciox reports that 4 percent of the records requests are from patients and 40 to 50 percent are providers transmitting records to others. Ciox fulfilsl those requests for free and generates revenue through data requests by third party businesses.

Latest in Ciox HIPAA Action

Before the suit was filed, Ciox received a warning from the HHS Office of Civil Rights  (OCR) that it may  have violated HIPAA when it charged a hospital patient $224.65 after sending 353 medical records pages to her lawyer.
Ciox is also the target of two actions – One in Georgia alleging the company overcharged for medical records, and another in Indiana where 62 hospitals are being accused of having submitted fraudulent Meaningful Use data by not meeting a three day limit.

Brad Ericson
Latest posts by Brad Ericson (see all)

About Has 338 Posts

Brad Ericson, MPC, CPC, COSC, is a seasoned healthcare writer and editor. He directed publishing at AAPC for nearly 12 years and worked at Ingenix for 13 years and Aetna Health Plans prior to that. He has been writing and publishing about healthcare since 1979. He received his Bachelor's in Journalism from Idaho State University and his Master's of Professional Communication degree from Westminster College of Salt Lake City.

Comments are closed.