On September 12, 2011, the Office of National Coordinator (ONC) for the United States Department of Health & Human Services (HHS) announced a Proposed Rule that will enable direct access to laboratory test results by patients.  Under the Clinical Laboratory Improvement Amendments of 1988 (CLIA), laboratories must hold a CLIA certificate in order to perform one of three levels of complex laboratory tests regulated by CLIA.  Even before the passage of the Health Information Technology for Economic and Clinical Health Act (HITECH Act), concerns have been expressed regarding the lack of clarity under state law, and the literal prohibition in some states, regarding whether a CLIA laboratory that is independent (as opposed to hospital based) may release laboratory test results directly to a patient.  

Under the current CLIA regulations, CLIA restricts a lab’s disclosure of lab test results to one of three categories of individuals: the “authorized person,” the person responsible for using the test results in the treatment context, and in the case of reference labs, the referring lab.  CLIA defines an “authorized person” to be the individual authorized under State law to order or receive test results, or both.  Although many states do not expressly prohibit the lab from providing the test results directly to the individual patient, many of such states only expressly provide for the provision of lab test results to the ordering physician and remain silent on whether the lab can also provide the test results to the patient.  Accordingly, state regulators in some of these states have interpreted such silence as prohibiting the lab from releasing lab results directly to patients absent an express directive from the ordering physician that such a patient is an “authorized person.”  As also noted above, many other states expressly prohibit the provision of test results directly to the patient. (See page 17 of the Proposed Rule, which provides a chart breaking down the status of state laws in regard to whether direct access to lab results by patients is allowed.)

The Proposed Rule will not only expressly permit CLIA labs to provide patients with direct access to their test results, if the lab is also a HIPAA covered entity, such a lab would be required to provide the patient with direct access to his or her lab results. Due to the HITECH Act’s amendments to HIPAA, HIPAA labs also would be required to provide the patient with access to his or her lab results in an electronic format if requested by the patient. CMS is requesting comments on the ability of labs to provide electronic copies of PHI in machine readable or other electronic formats. The Proposed Rule states that it would preempt current state laws that are contrary to its requirements. 

The deadline for public comments to Proposed Rule is October 14, 2011. If finalized, CLIA and HIPAA labs would be required to comply with the Proposed Rule 240 days after publication of the Final Rule.  To read the Proposed Rule, click here.