Bottom Line

ScanSTAT Technologies fully understands what is required of us by HIPAA regulation and we fulfill all medical records requests in the most efficient and satisfactory manner possible.  Our goal is to eliminate inefficiencies and prevent the waste of resources.

Experience has taught us that less than one percent of Continuity of Care records requests actually require the full medical record.  Because of this statistic, ScanSTAT has established a best practice as it relates to the concept of “Minimum Necessary” and our transfer of medical records for the purpose of continuity of care (COC).

“Minimum Necessary” is a stipulation of the Privacy Rule that requires Covered Entities and their Business Associates to take reasonable steps to limit the amount of health information produced. ScanSTAT applies professional discretion and prioritizes the need of the requester over the volume of the record.  However, ScanSTAT does not compromise individual patient care or other critical information which is communicated via medical records.


ScanSTAT Technologies is a company built on efficiency, compliance and satisfactory product fulfillment. ScanSTAT best practices apply the Minimum Necessary rule along with HIPAA and other state and federal regulations.  Our healthcare data experts work diligently to understand the objective of each request.  Then, ScanSTAT utilizes the most secure and efficient processes to facilitate the transfer of information to the intended destination.

Healthcare organizations, providers and companies like ScanSTAT frequently face difficulties when they transfer medical records.  Here is an example:

Kathy moves across four states to live closer to her son.  She goes to a new provider and signs a release authorization, checking the box “all medical records” so that all of her medical records will be transferred from her previous provider.  In her case, “all medical records” encompass 280 pages of records.  Kathy’s new provider does not require, desire nor is obligated to receive and take ownership of Kathy’s entire medical record.  The receiving provider is now burdened to determine what information to keep and what to discard.  This unnecessary inundation of medical records can clutter a fax inbox at a practice, delay workflows and adversely affect the care provided to patients, possibly even to the new patient, Kathy.

Our Policy

The ScanSTAT fulfillment policy for a COC request is based on a proven and effective working definition of “Minimum Necessary” and a number of other variables.  These variables include, but are not limited to:

• The interest of the ScanSTAT Client

• Patient age

• Patient condition

• Size of the medical record

• Organization’s EHR product

• The specialty of the provider

ScanSTAT remains HIPPA compliant while notifying the receiving party of the professional discretion which we apply to a records request.  Here is a copy of the notice that is provided with every COC request to which ScanSTAT has “limited the upload.”

ScanSTAT attaches the above letter to hundreds of records every day.  We receive minimal responses seeking the transfer of further information.  It is with even greater infrequency that we receive complaints from requesters regarding our process.

The above letter clearly states to the requester that more information is available.  As long as there is not a stated refusal to release more information, no violation or unwillingness to comply has occurred.

ScanSTAT has received numerous positive responses from providers about this policy and some providers have adopted the ScanSTAT process themselves for COC requests.