Under the current regulations, known as the Clinical Laboratory Improvement Amendments (CLIA), laboratories are restricted from disclosing test results to patients directly. Instead, labs can only send the test results to health care providers, people authorized to receive test results under state law or other labs. Only a handful of states permit labs to send patients test results directly, and some of these states require the provider’s permission before patients can have the results. The HIPAA Privacy Rule reflects this restriction, exempting CLIA-regulated labs (which are the great majority of clinical labs) from patients’ existing right to access their health information.
This existing regime has put patients at risk. A 2009 study published in the Archive of Internal Medicine indicated that providers failed to notify patients (or document notification) of abnormal test results more than 7 percent of the time. The National Coordinator for Health IT recently put the figure at 20 percent. This failure rate is dangerous, as it could lead to more medical errors and missed opportunities for valuable early treatment. (More)