On January 8, 2018, Ciox Health, LLC (Ciox) filed a complaint against the Department of Health and Human Services (HHS) and then-acting Secretary Eric D. Hargan, alleging that the Department’s rules and guidance, under HIPAA and HITECH, “impose[] tremendous financial and regulatory burdens on health care providers and threatens to upend the medical-records industry that services them.” The complaint claims that the Department’s 2013 omnibus rule and 2016 guidance violated the Administrative Procedures Act, and it asks District Judge Mehta of the United States District Court for the District of Columbia to declare those acts unlawful and further enjoin HHS from further enforcing either of them.

In particular, Ciox’s lawsuit targets the fee that can be charged to third-party entities requesting a copy of an individual’s medical records. Although the complaint acknowledges an individual’s right, under HIPAA and 45 C.F.R. § 164.524(c), to get his or her own records for little or no fee, the lawsuit vehemently opposes establishing similar cost-regulated access for third parties—like an attorney or insurance company—requesting an individual’s records. Ciox argues that the 2013 rule, and later the 2016 guidance, from HHS arbitrarily imposes the fee schedule intended for individuals seeking their own records on third parties seeking the patient’s records, which lacks any authority—in Ciox’s view—under HIPAA or HITECH.

As set forth in the 2016 guidance, if an individual requests his or her own medical records but indicates that they should be provided to a third party, like his or her attorney, the medical-records keeper, like Ciox, may only charge the rate that would be applicable if that individual was seeking the records for him or herself—a “reasonable, cost-based fee.” Ciox maintains that the ability to charge higher rates for records requests from third-parties significantly subsidized and allowed for it to provide records to individuals at little to no fee. However, Ciox fears that adherence to the 2016 guidance will dissipate the revenue that previously allowed it to accommodate patient, or provider, records requests at no charge.

It remains to be seen what procedural and substantive roadblocks may lay ahead for Ciox’s claim against the Department. However, this action is an example of how private, for-profit, entities must grapple with federal and state agency regulations while still attempting to remain profitable. While this lawsuit may attempt to strike a balance between the needs of the government to provide patients access to their medical records and the free market’s rate setting, we’ll have to wait and see how it unfolds.

[View source.]