HIPAA Right to Access Information Enforced

Edward Leeds
Ballard Spahr LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Ballard Spahr LLP

With all of the attention on Health Insurance Portability and Accountability Act (HIPAA) requirements to safeguard the privacy and security of a patient’s health information, covered entities sometimes overlook the HIPAA provisions that give patients rights to their information. This includes a patient’s right to access his or her medical and billing records from providers and records in areas spanning billing, enrollment, payment, claims adjudication, medical management, and care decisions from health plans.

Earlier this week, the Office of Civil Rights of the Department of Health and Human Services (OCR) announced its first settlement agreement under an initiative to enforce patients’ rights to access their medical records. HIPAA typically requires covered entities to provide patients access to their records within 30 days of a request. In this case, OCR found that the provider furnished incomplete records to the patient’s counsel about five months after the patient’s initial request (with interim correspondence from counsel) and complete records to the patient’s counsel about 10 months after the initial request.

The new settlement agreement requires the provider to pay $85,000 and adhere to a corrective action plan that includes developing appropriate policies and procedures for individual access to information, distributing the policies and procedures to appropriate members of its workforce, and training workforce members on the policies and procedures to ensure compliance. The provider must also address this matter appropriately with business associates and provide OCR with a list of its business associates along with copies of all business associate agreements. Failure to provide patients timely access to information within the next year must be reported to the Department of Health and Human Services within 30 days.

Health care providers, health plans, and health care clearinghouses should have policies and procedures in place that allow them to provide a patient with prompt access to his or her health information at a reasonable charge (if any). Some state laws also regulate how much a provider can charge for copies of medical records. Business associate agreements should address vendor responsibilities on providing patients’ access to their information. 

 
Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ballard Spahr LLP | Attorney Advertising

Written by:

Ballard Spahr LLP
Ballard Spahr LLP
Contact
more
less

Ballard Spahr LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide