Office for Civil Rights Settles 18th Investigation in HIPAA Right of Access Initiative
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has announced its 18th settlement of an enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative to support individuals’ right to timely access of their health records at a reasonable cost under the HIPAA Privacy Rule.
Village Plastic Surgery (VPS) has agreed to take corrective actions and pay $30,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard.
In September 2019, a complaint was filed with OCR alleging that VPS failed to take timely action in response to a patient’s records access request made in August 2019. OCR initiated an investigation and determined that VPS’s failure to provide timely access to the requested medical records was a potential violation of the HIPAA right of access standard, which requires a covered entity to take action on an access request within 30 days of receipt (or within 60 days if an extension is applicable).
As a result of OCR’s investigation, VPS sent the patient their requested records. In addition to the monetary settlement, VPS will undertake a corrective action plan that includes two years of monitoring.
At a minimum, the policies must include protocols for training all hospital staff and business associates involved with receiving or fulfilling access requests to ensure compliance with the policies and procedures. Training must occur within 60 days of HHS approval.
Despite HIPAA’s right of access rule, many providers fail to fully comply. An OCR audit recently found 89% of providers failed to comply with right of access requirements.
Health IT regulations under the 21st Century Cures Act, which have a compliance deadline of April 5, require that organizations provide patients with access to “core data” in their electronic records via smartphones and standardized application programming interfaces.
PCIHIPAA is the #1 comprehensive compliance solution to protect healthcare and dental practices from HIPAA violations concerning data breaches, identity theft, ransomware or other acts. Schedule your free demo today.