This post was written more than four years ago. The world changes fast, and the information, conclusions, or attributions may or may not still be accurate. Check the sources and links, and email me if you have any questions.

Americans change their healthcare providers incredibly frequently. A job change can spark an insurance change which can force a patient to move to a new clinic, a patient can move across the country, get dissatisfied, or have multiple chronic conditions requiring coordination of care between disconnected providers.

The major care providers and hospitals generally use Electronic Health Record (EHR) or Electronic Medical Record (EMR) systems by a company called Epic, although there are plenty of companies that do substantially the same thing: Practice Fusion, Allscripts, athenahealth, eClinicalWorks, drchrono, and countless others.

In technology, we adopt standards to design community-conferred and consistent ways to record and exchange information. For example, USB and Wi-Fi are both standards that have been developed to ensure interoperability between devices. If every device manufacturer created a different-sized plug, there would be a great deal of market division that would ultimately hurt consumers and manufacturers.

The same can be said with standards for intangible things, like the way that e-mail is sent and received. The reason that you can access both your ISP and Gmail accounts using your computer and your phone’s native email clients is because the community came together a very long time ago and agreed to define specific protocols that would should apply to anyone and everyone going forward.

This is especially important in healthcare because everyone uses it, and standards and interoperability matter even more in a medical emergency.

Most Americans think that the ‘P’ in ‘HIPAA’ stands for ‘Privacy’, but it’s actually the Health Insurance Portability and Accountability Act of 1996. We’re almost two decades past the enactment of HIPAA, and is our healthcare data really all that portable?

In a word, no. Since money drives everything, information sharing first started around insurance billing. However, there are some fantastic standards for clinical terms that work together quite well — that is, machine-readable data and values representing medical conditions, observations, and measurements. While some providers let you download data at home, most don’t have a way to share it with an external provider, and the machine-readable data is only used internally.

Some states are developing health data exchanges to support the sharing of data, and with rigid patient privacy controls – and new standards have emerged around the concepts of directly ‘pushing’ and ‘pulling’ data from other providers. But, that has yet to be used in a meaningful way in real life.

In actuality, real life goes a little something like this:

When changing providers last year, I asked my new doctor if I needed to sign anything for them to be able to electronically transfer my medical records from my old clinic, and following about five seconds of awkward silence, the following conversation ensued:

Provider: “Uh, nobody does that.”
Me: “You can’t get my records electronically?”
Provider: “Not unless it’s from within our clinics.”
Me: “So… I have to obtain the records from my old provider and then give them to you on disc or via upload?”
Provider: “No, you’ll have to order paper records and have them faxed to our scanning center.”

So, off I went… there were three providers I needed to get data from: my main provider, a hospital, and another provider out of state.

The Hospital

I went for getting a copy of my hospital records first, thinking it’d be easiest. They surely have to send data back and forth with other providers all the time for post-discharge purposes, right?

It was pretty easy to find the section of their site about accessing my medical records, but the next step wasn’t an online app or form or process, I had to fill out a form and mail or fax it. The PDF wasn’t even fillable, and for delivery options, it listed mail or fax.

I called the records department and the call kicked off:

Me: “Hi there, I’d like to talk with someone about obtaining an electronic copy of my medical records.”
Hospital: “Okay, are all of your hospital charges paid?”

They were paid, but uh… they can’t ask that. In fact, withholding medical records for payment of medical services is illegal and unethical. I know my rights, but I’m terribly concerned that others might not, and this speaks to a major problem with a system that requires you have to ask for medical records at all.

Me: “That’s not relevant.”
Hospital: “What do you mean? You need to pay before your records are released to you.”
Me: “Okay, I have a zero balance there, but you need to know that it’s illegal and unethical to withhold medical records on the basis of medical charges not being paid.”
Hospital: “Okay, what’s your Social?”

She then e-mailed me my records as a PDF — without encryption, to an email address that wasn’t already on file, with no written or electronic patient authorization, and without verifying my identity beyond asking for my Social Security Number.

The PDF document looked like this, clearly demonstrating that data is stored in a standardized, machine-readable database format:



(Hey, I’m clean!)

I called back:

Me: “Can I get the records in a more usable format?”
Hospital: “I sent you a PDF!”
Me: “Okay, I mean… a machine-readable standardized format.”

She had no idea what I was talking about.

The Primary Care Physician

My old provider’s website certainly didn’t have any information readily available on their website about how to obtain copies of my medical record, but thanks to Google I found a “Release of Information” form which had these fields:

Screen Shot 2014-01-04 at 16.19.31 CST

Of course, this wasn’t an app and it wasn’t a website — it was a form that I had to fax to them. I get a call the next day telling me to watch for an e-mail from a company called HealthPort.

After waiting weeks, I finally got such an email, but I had to pay with a credit card before I could see the records. Never mind that I already paid an egregious amount of money for the medical services themselves, I now have to pay for records of it, and on a per-page basis?

After encountering many errors during the process, I finally was able to download three PDF files that contained scans of medical records. I could understand paper charts from the 1990s being scans, but even data in recent years was printed out from an electronic, machine-readable format, and then scanned back in.

Worse, the final several pages contained someone else’s medical records.

Some improvement

In the past few months, there’s been some improvement. My current provider allows the downloading of a Continuity of Care Document (CCD) in an XML machine-readable format, which can be taken to any provider that supports importing such a record, and can also be used in health record sharing apps.

Here’s what a flu shot record looks like, for example. The data contains codes that indicate it was an immunization, the type of immunization, that it was delivered intramuscularly, on a specific date, and other data not shown here links it to the specific doctor, facility, and office visit:

Screen Shot 2015-06-19 at 09.14.02

Another provider has the same download functionality, but also with the ability to transmit it securely to another provider, assuming that they support it:

Screen Shot 2015-06-19 at 09.22.10

With interoperability being promoted and incentivized by the federal government, things should start to be a lot better for patients in the near future – and instant access to medical data will save lives. But in the meantime, it’s a mess.