Patients may soon have direct access to their medical test results if a proposed rule change by the U.S. Department of Health and Human Services (HHS) goes through later this year.

According to HHS, the new rule would expand the ability of patients to view their health information and lab results covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) through the use of health information technology.

Under the Clinical Laboratory Improvement Amendments of 1988 (CLIA), a laboratory may only release test results directly to patients if a health provider authorizes it at the time of the test, or state law expressly allows for it. The proposed rule would amend CLIA so that labs can give patients their test results upon request.

The announcement was made by Kathleen Sebelius, secretary of HHS, at the department’s Consumer Health IT Summit on Monday, Sept. 12, which kicked off National Health IT Week.

“In the past, as many as 20 percent of the lab results never made it out of the lab,” she said. “Under this rule, you’ll be able to get [them] directly.”

Sebelius called the proposal a “big deal” for patients nationwide and added in press release that when armed with test results, patients “are more likely to ask the right questions, make better decisions and receive better care.”

The proposed rule is being jointly issued by three agencies within HHS, including the Centers for Medicare & Medicaid Services (CMS), the Centers for Disease Control and Prevention (CDC) and the Office for Civil Rights (OCR). The CDC is responsible for regulating laboratories under CLIA, while the OCR is responsible for administering the Privacy Rule that was issued under HIPAA.

The current Privacy Rule requires most clinical laboratories to give individuals access to their health information on request. But those requirements, deferring to CLIA, also include an exception for direct access by patients to test result reports.

In the 26 states that don’t have laws authorizing direct disclosure of test results to patients and 13 states that completely prohibit it, patients do not have access to their complete medical information. The proposed rule would eliminate the exception in CLIA and pre-empt the state laws that prohibit a patient’s direct access to lab results.

A final ruling is expected later this year.

Summit Touts Benefits of Health IT

The Consumer Health IT Summit featured representatives from medical providers, insurance companies and health IT vendors. Electronic health records (EHRs) were widely discussed, with Sebelius revealing that the Obama administration had heard from providers that they wanted to upgrade to EHRs, but the process was cost prohibitive and hard to use, particularly without common standards.

She reported that 62 health IT regional extension centers have been created across the country that are available particularly for small practices to get the help and assistance with adopting EHRs.

Sebelius added that the government’s investment in frameworks so that data could be shared securely and incentive payments to providers and hospitals to use EHRs have made great gains in a short period of time.

“In a matter of months, 80,000 doctors have signed up to take advantage of payments,” Sebelius said, referring to EHR incentive payments. “Seventy percent of practices have signed on with extension centers. That is incredible progress in a short period of time.”

A voluntary Personal Health Record (PHR) Model Privacy Notice, was also introduced at the summit. The notice creates a standardized template similar to nutrition facts labels. The template allows a Web-based PHR company to inform consumers about its privacy and security policies so citizens can compare and contrast the products and choose one that works for them.

Rodriguez Named Director of OCR

Sebelius also announced Leon Rodriguez as the new director of OCR. His role and that of OCR, is to ensure the confidentiality and security of patients’ health information.

“Consumers need to know that private and secure access to their health information is a given,” Rodriguez said in a statement. “The privacy and security of health data will be a top priority for OCR during my tenure.”

Brian Heaton  |  Senior Writer

Brian Heaton is a senior writer for Government Technology. He primarily covers technology legislation and IT policy issues. Brian started his journalism career in 1999, covering sports and fitness for two trade publications based in Long Island, N.Y. He's also a member of the Professional Bowlers Association, and competes in regional tournaments throughout Northern California and Nevada.