OCR Announces Trio of Access Cases; Already Stung, One Dental Chain Eliminates All Fees

Health Care Compliance Association (HCCA)

Health Care Compliance Association (HCCA)

Report on Patient Privacy 22, no. 10 (October, 2022)

How about free?

Patients daily face the machinations of getting records from their providers, and health care practices, hospitals and even dentists struggle with confusing fee schedules, murky payment limits, and what is really meant by the “reasonable cost-based fee” they’re allowed to charge.

And they’ve also got to be quick about it, so they don’t blow the timeframes for access, thus giving patients another reason beyond fees to complain to the HHS Office for Civil Rights (OCR).

The danger that providers will get it wrong and face enforcement action by OCR is real. Last month OCR announced three new settlement agreements against providers—all dentists—who were either late, charged too much or didn’t provide full records.[1] They bring to 41 the number of covered entities (CEs) that paid fines and, generally agreed to corrective action plans (CAPs) that are themselves costly to implement.

Among the new cases is Great Expressions Dental Center of Georgia, which paid $80,000 and agreed to a two-year CAP. OCR accused the practice of being both tardy and charging an excessive fee. In response—or what Great Expressions’ general counsel called evidence of a “silver lining”—the chain of 300 independently owned practices with 500 dentists among them did away with all records fees previously charged to patients, RPP has learned.

New OCR Director Melanie Fontes Rainer announced the trio of settlements on Sept. 20, just a week after she was sworn into the position permanently; she was named acting director in July (see story, p. 1).[2]

Then-OCR Director Roger Severino began the Right of Access initiative in 2019. OCR’s volume of access cases increased from just two that year but remained fairly constant. In 2020 it had 11 such cases and 12 last year. So far this year, however, it has issued 16 such enforcement actions, including the three recent cases.

The 41 cases have collectively brought OCR approximately $2.83 million in fines and penalties. On occasion, fines have appeared higher than others when OCR has received more than one complaint about the same CE, but that was not the case with any of the three new settlements.

The initiative has touched nearly every size of practice and specialty, from hospitals and nursing homes to solo practitioners, and has included podiatrists, plastic surgeons, dermatologists, retina specialists, spine surgeons, cardiologists, primary care physicians and federally qualified health organizations.

Penalties against CEs sanctioned for access violations have ranged from $3,500, which came from a psychiatrist in Virginia who had two complaints against her, to $240,000 paid by Memorial Herman Health System. In that case, a patient made five requests and received her records 564 days late, OCR said.[3]

In her new announcement, Fontes Rainer took specific aim at dentists, warning that the “actions send an important message to dental practices of all sizes that are covered by the HIPAA Rules to ensure they are following the law.”

She called requesting patient records “a fundamental right under HIPAA,” which should be fulfilled “in most cases, within 30 days.” Fontes Rainer added that she hoped “these actions send the message of compliance so that patients do not have to file a complaint with OCR to have their medical records requests fulfilled.”

But that might be what happened in the case of a Great Expressions patient who was seen by a dental practice in Georgia; no city or other information is included in OCR’s statements.

According to OCR’s announcement, the agency received a complaint in November 2020 that a Great Expressions patient had not received copies of her medical records “because she would not pay [the practice’s] $170 copying fee.”

OCR explained that she initially requested her records “in November 2019, but did not receive them until February 2021, over a year later.”

It is not clear from OCR’s news release or settlement agreement posted online whether OCR’s involvement led the practice to provide the records or if it did so voluntarily—ofttimes in such settlements, OCR will say that it was only after hearing from the agency that a practice complied with a request. This settlement also gave no indication when OCR itself contacted the practice.

1 U.S. Department of Health & Human Services, “OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA,” news release, September 20, 2022, https://bit.ly/3RrEeCQ.
2 Theresa Defino, “Acting OCR Director Named to the Post Permanently, Has Many Tasks to Accomplish,” Report on Patient Privacy 22, no. 10 (October 2022).
3 Jane Anderson, “OCR Adds Eight Access Settlements; Enforcement Actions Now Total 38,” Report on Patient Privacy 22, no. 8 (August 2022), https://bit.ly/3E8DrUy.
4 U.S. Department of Health & Human Services, “Family Dental Care, P.C. Resolution Agreement and Corrective Action Plan,” August 1, 2022, content last reviewed September 20, 2022, https://bit.ly/3Rsjpax.
5 U.S. Department of Health & Human Services, “Great Expressions Dental Center of Georgia, P.C. Resolution Agreement and Corrective Action Plan,” September 1, 2022, content last reviewed September 20, 2022, https://bit.ly/3frlvdo.
6 U.S. Department of Health & Human Services, “B. Steven L. Hardy, D.D.S., LTD (`Paradise’) Resolution Agreement and Corrective Action Plan,” August 9, 2022, content last reviewed September 20, 2022, https://bit.ly/3CC8mYp.

[View source.]

Written by:

Health Care Compliance Association (HCCA)

Health Care Compliance Association (HCCA) on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide