Honoring Dental Patients' Privacy Rule Right of Access in the Context of Electronic Health Records

A person's right to access his or her protected health information is a core feature of the U.S. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. If the information is stored electronically, covered entities must be able to provide patients with some type of machine-readable, electronic copy of their data. The aim of this study was to understand how academic dental institutions execute the Privacy Rule's right of access in the context of electronic health records (EHRs). A validated electronic survey was distributed to the clinical deans of 62 U.S. dental schools during a two-month period in 2014. The response rate to the survey was 53.2% (N=33). However, three surveys were partially completed, and of the 30 completed surveys, the 24 respondents who reported using axiUm as the EHR at their dental school clinic were the ones on which the results were based (38.7% of total schools at the time). Of the responses analyzed, 86% agreed that clinical modules should be considered part of a patient's dental record, and all agreed that student teaching-related modules should not. Great variability existed among these clinical deans as to whether administrative and financial modules should be considered part of a patient record. When patients request their records, close to 50% of responding schools provide the information exclusively on paper. This study found variation among dental schools in their implementation of the Privacy Rule right of access, and although all the respondents had adopted EHRs, a large number return records in paper format.