The 5 Phases of the Release of Information Process

Here’s what happens when you request your medical records

The release of information — ROI —  process consists of more than 40 steps. We can divide these steps into five phases, according to the Association of Health Information Outsourcing Services. In this blog post, we’ll:

  • Describe what happens during each phase of the ROI process, which are:
    • Recording, tracking and verifying the request
    • Retrieving your protected health information — PHI
    • Safeguarding your sensitive medical information
    • Releasing your PHI
    • Completing the request and preparing an invoice
  • Explain how using an electronic health information exchange benefits patients

Keep in mind that this is a broad and relatively easy-to-understand overview of the ROI process. In practice, for each step in the medical records release process, the ROI professional handling the request has to verify certain conditions are met before determining which action to take next.

An image with icons that represent the 5 phases of the release of information process

Phase 1: Recording, Tracking and Verifying the Request

The process begins when the requestor fills out a medical release of information form or mental health release of information form. The requestor can be you — the patient. However, it can also be an interested party such as an attorney, insurance company, or medical research institute. If you’re not the requestor, you’ll first have to authorize the interested party.

The ROI form gives the healthcare organization — like a hospital — the authority to release a specific portion of your medical record.

When the healthcare organization receives the ROI request, the ROI department immediately records it. They also check whether or not the authorization is valid.

Phase  2: Retrieving Your PHI

An ROI professional performs a search for the medical record number. Once they’ve located it, they determine whether the file is in hard copy, microfilm, or electronic format. They also check whether it’s stored offsite, onsite, or digitally. In some cases, they have to retrieve a combination of all three formats from all three types of locations.

With the medical records in hand, they extract your protected health information — PHI — and upload it to the release of information software.

If they can’t locate the medical record, they make a note of that in the tracking software and notify you.

Phase  3: Safeguarding Your Sensitive Information

The ROI professional examines every image or page carefully. They have to make sure it doesn’t contain any state or federally protected health information that the healthcare organization isn’t authorized to release. If it does, they reject the request and update the status in the tracking software.

If it doesn’t, the ROI professional verifies that all the pages and images are in fact a part of your file — not someone else’s. They also check that the dates of service are correct.

Next, they scan a backup set of the request and authorization into the tracking software. In addition, they scan any hard copy items and images into the tracking software to form the medical records set. Then they reassemble the hard copy chart and return it to storage.

Phase  4: Releasing Your PHI

Before releasing the information, the ROI professional matches the request to make sure it’s really your data. To do this, they verify your social security number and date of birth. They also refer to the diagnosis to check that they’re releasing information about the correct treatment.

Next, the ROI department performs a quality review to make sure the correct PHI is included. This means another ROI professional confirms the records are the correct type and fall within the appropriate date range. They also check that the records are oriented correctly.

Phase  5: Completing the Request and Preparing an Invoice

In the final phase of the process, the ROI professional checks the information one last time. They apply state statute pricing to determine the fee and prepare an invoice. Then they place the records and invoice, along with any affidavit or certification, in an envelope and mail them to you.

Alternatively, they can send the documents to you via a secure, encrypted digital method such as email or an online platform.

The Value of Using an Electronic Health Information Exchange

As we’ve seen, the release of information process is highly complex. Moreover, ROI departments must comply with HIPAA regulations at every step. That’s why it’s so helpful to rely on an electronic health information exchange provider like ChartRequest. 

We streamline the process and make it much more efficient for both patients and healthcare organizations. At the same time, we always safeguard your data with our state-of-the-art security measures. As a result, you never have to worry about your PHI being disclosed to an unauthorized party or falling into the wrong hands.