An uptick in the volume of payer requests for medical records is expected to continue through 2019 and beyond, leaving hospital health information management (HIM) departments and managed care teams burdened with extra tasks. However, including certain language in managed care contracts can help providers mitigate financial, privacy and security risks associated with these requests. The increase in medical record requests is due to DRG/post-payment audits and Healthcare Effectiveness Data and Information Set (HEDIS)/Risk Adjustment reviews as well as contract negotiators not realizing the mounting resource burden of taking on the sole cost and workload responsibility for providing payers with medical records.

Guidelines for managed care contract language

  • The following guidelines can help HIM departments and managed care teams refine medical records language as a good defense against audits.
  • Conduct a comprehensive review of each contract as it pertains to submission of supportive documentation including historical volume and charges to the insurance company. (This review does not include continuity of care requests currently provided to the insurance company at no charge.)
  • Identify favorable contractual language to include in insurance company negotiations. Payers have historically paid for records. Clarity in this section of the contract eliminates doubt about the cost responsibility.
  • Develop a summary of risks associated with allowing third-party access to hospital electronic health records (EHR).