Occasionally healthcare organizations receive requests for medical records where no records are returned after the specified search.  How should healthcare organizations handle responding to the requestor when no records are found?

Why would no records return?

Patients frequently authorize third parties to receive a copy of their health information.  Occasionally, a third party request comes through where the patient is not found in the system, or the records specified in the request are not found.  This can happen for a variety of reasons including the following:

  • The patient is not in fact a patient.
  • The practice may have reached their designated retention limits, and the records are no longer maintained.
  • Another provider may have delivered the care in question, and it is not part of the authorized provider’s designated record set to release.
  • There could be errors on the authorization that do not match a known patient.

What should I double-check?

If no records return for an authorization, consider your options for due diligence.  Try looking up variations of the patient’s name, just the first few letters of their first and last name, or their date of birth.  Occasionally information is miswritten on the authorization which can lead to confusion.  If you believe you have the records for the patient in question but the authorization is incorrect, you may return to the requestor and ask that they correct their authorization to be able to fulfill the records.

How do I respond when no records return?

When an authorization for records returns no results, your organization may inform the requestor you did not find any records to fulfill their request.  Because you spent time searching for the records and following your HIPAA-compliant workflow, the majority of states also allow you to charge the requestor for the time spent, even if it yielded no results.  Many third-party requestors will push back when they receive an invoice but did not receive records; however federal law does not explicitly prohibit this practice.  Time is money, and your organization spent time searching for the records and should not be penalized for requestor errors.

Release Records Requests to a Partner

Responding to release of information requests is a time-consuming process – especially if records are not found and you have unhappy requestors calling your practice.  If you find records requests and the ensuing compliance concerns take too much of your staff’s valuable time, consider releasing this administrative burden to a partner.  ScanSTAT Technologies processes hundreds of thousands of records requests annually and is an industry leader with our 24-hour turnaround time and accuracy rate.  If you are ready to focus on patient care and leave the records requests (and compliance questions) behind, request a demo today to see how we can help.


This FAQ is for informational purposes only and does not constitute legal advice. Seek your own legal counsel to ensure compliance with federal and state law.