MTVA Founding Member
icon
(317) 810-1702
Contact Us

Attestation Now Required for Many Record Requests: What You Need to Know

Updated February 10, 2025

The world of medical record requests has always been complex, but recent changes have added a new layer of complication: attestations are now required in many cases. This change stems from ongoing political and legal battles over reproductive healthcare rights in the United States.

Background: The Reproductive Healthcare Debate

For decades, abortion was federally protected in the United States. However, the Supreme Court’s decision to overturn Roe v. Wade shifted the power to regulate reproductive healthcare back to individual states. As a result, laws now vary widely, with some states protecting access to reproductive services and others criminalizing them.

In response to this evolving landscape, the Biden administration introduced protections to safeguard individuals seeking reproductive healthcare. These protections aim to prevent the release of medical records for purposes of investigation or punishment related to seeking or providing reproductive healthcare services in states where such actions are restricted or illegal.

Why Are Attestations Now Required?

Release of Information (ROI) offices now face new responsibilities: ensuring that medical records are not released for purposes of investigation or punishment. To meet this need, attestations—a formal statement verifying the intent behind a record request—are increasingly required.

While federal law suggests that patient-signed authorizations alone should be sufficient, many ROI offices are taking extra precautions by requiring attestations for all requests, even when patient authorization is provided.

Inconsistent Policies Across Providers

The interpretation and implementation of these attestation requirements vary across ROI vendors. Here’s where key industry players stand today:

  • Sharecare & Healthmark: These providers do not require attestations for requests accompanied by a patient-signed authorization.
  • Datavant (CIOX): Will NOT require an attestation with a patient-signed authorization going forward. Several steps have been taken internally to ensure this practice has been implemented uniformly across their many onsite ROI operation centers.
  • MRO: Will continue to require the attestation with all requests at this time.

These policies are still evolving, and our ongoing discussions with vendors are expected to provide more clarity in the coming weeks.

What This Means for You

Here are the key takeaways for handling medical record requests moving forward:

  • Be prepared for rejections: Missing attestations are becoming a common reason for request denials.
  • Streamline your process: National Record Retrieval (NRR) can keep a signed attestation on file for your firm. This ensures efficiency and saves your staff time by eliminating the need to complete new attestations for each request.

Staying Adaptable in a Changing Landscape

This situation is evolving, with updates expected as vendors, legal teams, and government agencies clarify the rules. For now, flexibility and attention to detail will be essential.

There have been legal challenges that may affect the viability of this new rule remaining as currently written long term. This HIPAA Journal article “States Challenge HIPAA Privacy Rule Update Strengthening Reproductive Health Information Privacy” provides additional details on the topic.

Bookmark This Post for Updates
We will continue to provide updates as this regulatory landscape develops. Thank you for your diligence as we navigate this challenging environment together.

As always, the National Record Retrieval team is here to assist with any questions or concerns you may have.

    Get in Touch

    Please drop us an email using the form below to inquire about our products and services, or to provide feedback.