AS SEEN IN:
On September 15th, 2020 the Office for Civil Rights (OCR) announced a record breaking 5 HIPAA settlements in one day!
- Housing Works Inc. - $38,000 Fine
- All Inclusive Medical Services, Inc. - $15,000 Fine
- Beth Israel Lahey Health Behavioral Services - $70,000 Fine
- Wise Psychiatry, PC - $10,000 Fine
- King MD - $3,500 Fine
Since 2019 the OCR has focused on their "HIPAA Right of Access" initiative, prioritizing patient's ability to access their medical records in a timely manner. These five settlements bring the total to seven access related enforcement actions. The OCR has spoken and the time to adapt is now or risk facing a simmilar fine and corrective action plan!
Roger Severino - Director, Office for Civil Rights (OCR)
"Today's announcement is about empowering patients and holding healthcare providers accountable for failing to take their HIPAA obligations seriously enough." 9/15/2020
Key lessons learned from the 5 recent HIPAA settlements
The HIPAA fines and corrective action plan had one main theme in common - not supplying patient's a copy of requested medical records in a timely fashion.
The other key item from the action of the OCR is that the fines were not large multi-million dollar fines that are based on data breaches occurring. These were fines that ranged from $3,500 to $70,000 and were all based on a patient making a complaint to the federal government, which upon investigation, lead to findings of noncompliance with HIPAA and patient's rights defined by HIPAA.
- Patients Have the Right to file a Complaint - the common theme for these HIPAA fines is they were based on patient complaints to the Department of Health and Human Services. Once the complaints were received, the OCR opened investigations and found non-compliance with the HIPAA requirement of Patient's Right of Access
- Missing the Timelines - the HIPAA patient's access requirement is very clear, an organization has 30 days from the day of receipt of the request without any delay to respond and provide the records to the request. The organizations that received the HIPAA Fine did not respond in the defined timeframe
- Incorrect Reasons for Denial - Under the HIPAA Patient's Right of Access, a healthcare organization can deny a request to records, but there are very specific reasons and guidance to be able to deny access. In addition, the denial must be provided to a patient in written format with information on how to appeal the denial. Having a clear process for this is important to set the organization up for success when denying access
- No Formal Process - During the investigation, the organizations were all found to not have current documented policies and procedures for responding to a patient's request for a copy of his/her medical records. Healthcare organizations need to have a written policy and procedure that defines the process of receiving the request and responding to the request
- Lack of Employee Education - Lack of employee education was a finding in all of the 5 HIPAA fine scenarios. For organizations to be successful, all employees need to know and understand the requirements and the process. Training is not a one-time event, it needs to be incorporated into an annual training plan for all workforce members
Healthcare organizations of all sizes and specialties need to take swift action to establish a robust patient access request and response process to support patient's rights under HIPAA. If your organization doesn't have a documented policy and procedure, hasn't educated your workforce on the patient access requirements and your policy, or conducted auditing to make sure you are meeting expected timeframes, now is the time to act!
MASTERING HIPAA PATIENT ACCESS
The Most Simple, Complete and Economical System Ever Created to Quickly Reduce Your Organizations Risk for a "HIPAA Right of Access" Fine and Corrective Action Plan!
Education & Guidance on Patient Access ($99 Value)
The latest information and guidance on what you need to know to understand and master HIPAA Patient Access.
Customized Patient Access Policy & Procedure ($199 Value)
Your own custom Patient Access Policy and Procedure with a simple to follow step by step implementation plan.
Customized Patient Access Request Form ($99 Value)
A complete and fully compliant Patient Access Request Form customized to your organization.
Customized Patient Access Response Letters ($99 Value)
Complete and compliant Patient Access Response letters customized to your organization.
Organization Workforce Training on Patient Access ($199 Value)
Critical guidance and education for your entire organizations workforce on Patient Access.
Guidance on Auditing ($99 Value)
Simple to understand and follow audit process and guidance to make sure your organization is compliant.
Sarah - Olson Dental Care
"HIPAA is a large subject and very complicated to manage on your own, and it can be overwhelming and time consuming to tackle without proper knowledge of laws and regulations. Planet HIPAA and Danika streamline the process and make it much easier to comprehend and implement!"
HIPAA COMPLIANCE EXPERT
DANIKA BRINDA, PhD
Meet Dr. Danika Brinda.
Danika is the CEO of Planet HIPAA and is a nationally recognized healthcare privacy & security consultant.
She is a national speaker, educator and information security officer.
Danika has a true passion for HIPAA and is known for her ability to make HIPAA easy to understand and even fun.
She has over 15 years experience working directly with hundreds of healthcare practices of all sizes and types.
Danika has successfully created multiple solutions to empower healthcare practices to quickly achieve HIPAA compliance in a simple and cost effective way.
Mastering HIPAA Patient Access is her best creation to date!
7-DAY MONEY BACK
When you purchase Mastering HIPAA Patient Access you are fully protected by our 100% Satisfaction Guarantee. If you don't feel like you've received value any time within the next 7 days, just let us know and we'll send you a prompt refund. No hassles, headaches or hoops to jump through.
We're confident that you'll find Mastering HIPAA Patient Access useful, and we won't make you beg or invoke any silly rules or conditions - if you're not satisfied within your first 7 days then we'll refund you without any fuss.
THINKING ABOUT SIGNING UP?
GET YOUR QUESTIONS ANSWERED...
WHAT IS "MASTERING HIPAA PATIENT ACCESS"?
WHY DO I NEED "MASTERING HIPAA PATIENT ACCESS"?
WHO IS "MASTERING HIPAA PATIENT ACCESS" FOR?
WHAT IF I PURCHASE "MASTERING HIPAA PATIENT ACCESS" AND THINK IT IS NOT FOR ME?
I HAVE A QUESTION NOT ANSWERED HERE. HOW CAN I GET HELP?
THE COST OF INACTION
Will a patient complaint make you and your organization next for fines, corrective action plans and bad press? The time for action is now!