As a hospital patient, you’re legally entitled to information about how your hospital made treatment and billing decisions about you.
This is known as a patient’s “right of access,” and it falls under the HIPAA Privacy Rule — the same umbrella of HIPAA rights that also ensures your patient data is protected.
Exercising your right of access is especially powerful for negotiating hospital bills. At Goodbill, for example, we request detailed records for patients to help us flag discrepancies and build a strong case for negotiating with hospitals. While hospitals generally won’t send you these records on their own, they’re required to do so within 30 days once they get your request.
HIPAA rights grants patients “right of access” to receive their billing and medical records from a hospital. The hospital must comply within 30 days of receiving the request.
Here’s an overview of what the HIPAA Right of Access legislation guarantees, and how to exercise your right of access.
Your HIPAA rights entitle you access to almost any patient health information about you, as long as it falls within the "designated record set" and is what the law calls “readily producible,” which means that the hospital already has it on file.
Something is within the "designated record set" if it's maintained by or for a covered entity (like a hospital) and used — in any way — to make decisions about you as an individual patient. That covers things like medical, billing, and claims records. You’re also entitled to specify the method and format that you’d like your documents delivered, for example: Email, fax, postal mail, Word document, PDF.
You have right of access to your billing records, like your itemized bill and UB-04 claim form, which provide detailed breakdowns of the procedures and charges you received during your hospital visit. Unlike the type of hospital bill you usually get in the mail, these provide standardized codes that help you identify errors or inflated charges when preparing to negotiate your hospital bill. Hospitals generally don’t send you these types of bills on their own, so you’ll need to exercise your HIPAA right of access to request them.
You also have right of access to your medical records, which include lab test results, X-rays and doctors’ notes. However, nowadays you can usually get your medical records online from your hospital’s patient portal, within minutes.
There are a few exceptions that aren’t covered under HIPAA right of access, like psychotherapy notes taken by a mental health provider.
Hospitals can require you to make the request in writing, though they sometimes accept them over the phone.
The fastest way to find out whether your hospital accepts HIPAA right of access requests over the phone is to call your hospital and ask to be connected to the Billing or Medical Records department. If they do honor requests over the phone, they’ll generally ask you to confirm your identity by asking for your name, home address, date of birth, and account or guarantor number. From there, ask for the specific record you’re requesting, and whether you’d like it emailed, faxed or mailed to you.
Generally, a written request looks like a brief letter that includes the following information, faxed or emailed to the hospital’s billing department:
Some hospitals also accept these requests through an online form. If your hospital has one, you can usually find it in the “Medical Records” section of their website.
Third parties are allowed to receive your information on your behalf, as long as your request is in writing and signed by you.
This means you can specify in your request that the hospital send your information to a company like Goodbill to help negotiate your hospital bill, or a family member, for example. Just remember to include your third party’s contact information for receiving the records.
Hospitals are legally required to send your records within 30 days of receiving your request.
In practice, we’ve found that hospitals can take anywhere from a few days to a few months. That’s because the definition of when a hospital “receives” your request is murky. Some hospitals take several weeks just to see your request, and count the 30 days from the time a hospital employee first scans your request into the system. From there, your request may get routed to a different department for processing.
It doesn’t hurt to call your hospital’s billing department periodically, to check in on the status of your request.
Calling the hospital’s billing department is the best way to ensure that your request was received, and that it’s being prioritized for processing. Best practice is to call a few days after you’ve sent your request to ask if they see it in their system. Then, check in once weekly to ensure it’s being processed.
As you near the 30-day mark, it may help to give hospitals a more forceful reminder that they’re legally obligated to fulfill your request within 30 days, using the sample script below.
“Hi, I’m [name] and I’m a patient who received a bill from your hospital.
I sent in a HIPAA right of access request for my [record] on [date], and I still haven’t received it. We’re now coming up on 30 days since my request, and HIPAA legally requires you to comply within 30 days. When should I expect to receive it?”
If your hospital doesn’t fulfill your request within 30 days, we recommend always calling the hospital’s billing department first to remind them of your rights under HIPAA, using the script in the previous section.
If you still feel like you’re not making headway, or that you’re being asked to jump through hoops that violate HIPAA, you can file a formal complaint online with the Office of Civil Rights in the U.S. Department of Health and Human Services.
The Office of Civil Rights regularly investigates these complaints and, if they find evidence of wrongdoing, will either require the hospital to take corrective action or pay a penalty.
Generally speaking, hospitals are allowed to charge you or your designated third party a fee. If you request the records for your own purposes, it’s usually about $6.50. If you want the records sent to a third party, it may be more, sometimes as high as $50. This assumes that you’ve requested your records be sent electronically, and that the hospital also maintains those records electronically. In states that have laws requiring hospitals to provide you with free copies, state laws take priority.
In cases where the hospital will need to make paper copies, pay for postage, or create a version of the document that doesn’t exist, they may charge you for the cost of labor and materials — though they must let you know this fee in advance.
Guides, news, and articles to help you tackle hospital bills.
Read our expert tips on how to negotiate your hospital bill to save up to thousands of dollars.
Itemized bills provide key details that can help you negotiate your hospital bill.
.jpg)
You have time before your bill can go to collections or affect your credit.
