Home About Blog Contact Us Put My HIPAA On Autopilot! Login

5 More HIPAA Patient Rights Violations: Strategies for Avoiding Fines

In September of 2019, the Office of Civil Rights (OCR) of the Department of Health and Human Services settled the first HIPAA Fine and Corrective Action Plan for $85,000.  Fast forward a little over 2 years and The OCR just assigned 5 more fines and corrective actions plans for non-compliance with Patient Access now totaling 25 covered entities with settlements with fines.  This is a wake-up call for the entire healthcare industry regardless of specialty that having a defined process in place to respond to a patient’s request for information is a MUST.

HIPAA is very clear in the regulations regarding patient access.  The main components of the Patient Access Regulation are that:

  •  Patients have a right to inspect and get a copy of their health information
  •  All record requests should be provided to the patient within 30 days with no unreasonable delay
  •  A one-time 30-day extension may be used, but the patient needs to be informed in writing within the initial 30 days
  •  The patient can request a specific form and format of access, and if readily productive should be provided in that format by the covered entity a fee can be imposed, but must be a reasonable, cost-based fee based on the labor of copying the patient information, and the supplies, and the postage

In addition, a covered entity should have a written policy and procedure and provide annual HIPAA training to all workforce members.  

Looking at the detail of the most recent HIPAA fines for non-compliance with the Patient Access requirement, there are two key areas that stand out:

    1. Patients are not receiving the records that they request in a timely fashion
    2. Patients are being overcharged for records supplied to them under the patient access requirement

In the corrective action plans, two key items are a trend throughout as mitigations expected from the OCR:

    1. Create or update the patient access policy and procedure to make sure it addresses the patient access requirements, timely action by the covered entity, form and format of access, time and manner of access and fees of copies of records
    2. Provide training and education to all workforce members on the Patient’s right of access

If your organization hasn’t established a process for patient access and a timely response, has no documented HIPAA Patient Access policies and procedures, or has not conducted staff training regarding patient access, you are at risk of a HIPAA fine and resolution agreement.  Not sure where your organization is with compliance to patient access, take Planet HIPAA’s Free Patient Access Checkup.  

PREVENT A COSTLY HIPAA FINE TODAY!

Learn from a leading HIPAA patient access expert the proven system to identify, fix and prevent your HIPAA "right of access" risk in as little as one hour.

CLICK HERE NOW!
Author

Dr. Danika Brinda

Author

Danika Brinda, PhD is the CEO of Planet HIPAA. She is one of the countries leading HIPAA privacy and security experts. Her passion for HIPAA is contagious and she prides herself on making HIPAA fun, approachable and easy to comprehend.

Recent Posts

5 More HIPAA Patient Rights Violations: Strategies for Avoiding Fines
UPDATED: 5 Lessons Learned From 5 HIPAA Fines In One Day
A Solo Doctor Practice Received A $100,000 HIPAA Fine: What Steps Should You Take Now To Avoid Being Next?
Close

50% Complete

Two Step

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.