In September of 2019, the Office of Civil Rights (OCR) of the Department of Health and Human Services settled the first HIPAA Fine and Corrective Action Plan for $85,000. Fast forward a little over 2 years, and the OCR has just assigned 5 more fines and corrective action plans for non-compliance with Patient Access, bringing the total to 25 covered entities with settlements with fines. This is a wake-up call for the entire healthcare industry, regardless of specialty: having a defined process in place to respond to a patient’s request for information is a MUST.
HIPAA is very clear in the regulations regarding patient access. The main components of the Patient Access Regulation are that:
In addition, a covered entity should have a written policy and procedure and provide annual HIPAA training to all workforce members.
Looking at the detail of the most recent HIPAA fines for non-compliance with the Patient Access requirement, there are two key areas that stand out:
In the corrective action plans, two key items appear throughout as mitigations expected by the OCR:
If your organization hasn’t established a process for patient access and a timely response, has no documented HIPAA Patient Access policies and procedures, or has not conducted staff training regarding patient access, you are at risk of a HIPAA fine and resolution agreement. Not sure where your organization stands on compliance with patient access? Take Planet HIPAA’s Free Patient Access Checkup.