OCR Announces Five HIPAA “Right of Access” Settlements

Rivkin Radler LLP

On September 15, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced five new settlements relating to enforcement of HIPAA’s right of access rule. Under HIPAA, patients have the right to timely access to their medical records, as recently discussed here.

A HIPAA covered entity must respond to a patient’s request for access to records within 30 days of receiving the request. HIPAA permits covered entities to charge patients a reasonable fee for such access, unless otherwise prohibited by applicable state law. Last year, OCR announced that it is prioritizing enforcement of this rule as part of its HIPAA Right of Access Initiative.

Each of the newly announced settlements stemmed from a patient complaint which triggered an OCR investigation. In each case, the covered entity ignored or denied a patient’s request for access to or copies of his or her medical records, and the patient filed a complaint with OCR. OCR concluded that the covered entities potentially violated the HIPAA right of access rule and settled with each covered entity for a monetary fine. Each covered entity also agreed to implement a corrective action plan that includes monitoring by OCR to ensure HIPAA compliance. The five settlements are as follows:

  • Housing Works, Inc., a New York City non-profit organization that provides healthcare services and other community resources such as homeless services, job training and legal aid to individuals affected by HIV/AIDS, agreed to pay $38,000 for failing to provide a patient with access to his medical records on two separate occasions;
  • All Inclusive Medical Services, Inc., a California-based family medical clinic, agreed to pay $15,000 for refusing a patient access to her medical records;
  • Beth Israel Lahey Health Behavioral Services, a large network of mental health and substance abuse services in Massachusetts, agreed to pay $70,000 for failing to respond to a request from a patient’s personal representative to access her father’s medical records;
  • King MD, a small psychiatric services provider in Virginia, agreed to pay $3,500 for failing to respond to a patient’s request for access to her medical records on two separate occasions; and
  • Wise Psychiatry, PC, a small psychiatric practice in Colorado, agreed to pay $10,000 for failing to provide a parent with access to his minor son’s medical records on two separate occasions.

These settlements are a reminder to all covered entities about the importance of complying with HIPAA and, in particular, ensuring that patients have access to their medical records as required by law. “Patients can’t take charge of their health care decisions without timely access to their own medical information,” said OCR Director Roger Severino, adding that the OCR settlements are “about empowering patients and holding health care providers accountable for failing to take their HIPAA obligations seriously enough.”

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Rivkin Radler LLP | Attorney Advertising
