Waking up every morning is an eye-opening experience. Do you know what else is an eye-opening experience? Waking up to see all of the enforcement investigations the OCR launched against practices like yours.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the completion of eleven investigations in its Health Insurance Portability and Accountability Act (HIPAA) Right of Access Initiative.
Under the HIPAA Privacy Rule, the OCR launched this effort to assist individuals’ right to timely access to their health records at a reasonable cost. HIPAA provides individuals with the right to view and get copies of their health information from their healthcare providers and health plans. A HIPAA-regulated entity has 30 days after receiving a request to provide an individual or their representative with their records in a timely manner.
OCR Director, Lisa J. Pino, states, “Health care organizations should take note that there are now 38 enforcement actions in our Right of Access Initiative and understand that OCR is serious about upholding the law and peoples’ fundamental right to timely access to their medical records.”
Practices are no longer sneaking under the radar! The Office for Civil Rights (OCR) just concluded its thirty-eighth enforcement action since the HIPAA Right of Access Initiative began in 2019. Totaling over $646,000 across eleven penalties, the announcement of the verdicts includes eleven cases.
Here is a brief breakdown of a couple of the cases just released by HHS:
The first dental action includes a $5,000 settlement for failure to comply with the Right of Access provision stating covered entities must permit individuals to inspect and obtain a copy of their PHI.
An eye care practice made the mistake of not providing a copy of a patient’s medical records until three days after the OCR investigated. Now that is crazy! To settle a potential violation of the HIPAA Privacy Rule right of access standard, the practice agreed to take corrective actions and pay $22,500.
Something as simple as not giving your patients access to their data quickly enough can result in a huge fine! One not-for-profit health system learned the hard way by not responding timely enough to a complainant’s access request. This cost the health system a whopping $240,000!
So, whether it’s responding to a request or delivering that request on time, you need to make sure your practice is on point to avoid these heavy penalties.
As we can see the queen bee (Lisa Pino) isn’t joking around on pushing the OCR’s HIPAA Right of Access Initiative across practices, we encourage you to ensure you have the right HIPAA compliance measures in place. So what’s the holdup?