HIPAA Patient “Right of Access” Fine Set At $85,000

Medical practices and healthcare providers have very particular obligations under the “right of access” provision of the Health Insurance Portability and Accountability Act (HIPAA). Not knowing what these obligations are could result in a civil monetary penalty of $85,000 or more.

What does this HIPAA settlement mean to doctors?

The Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) announced its first settlement after the new HIPAA Right of Access Initiative (Initiative) came into effect. The settlement with Bayfront Health St. Petersburg (Bayfront) included a resolution agreement, a corrective action plan, and a fine of $85,000 paid to HHS.

What is the HIPAA “right of access” provision?

Announced earlier this year, the Initiative was intended to be a clear message from OCR that all medical professionals, hospitals, and health systems should understand their access obligations. The settlement demonstrates just how seriously OCR intends to enforce this provision. After an investigation, OCR found that Bayfront failed to provide a patient with access to her medical records. It also found that Bayfront failed to have adequate policies and procedures to prevent this violation of the Privacy Rule from occurring.

OCR’s HIPAA Right of Access Initiative press release related to the settlement, as well as the resolution agreement, can be found here. The fine was based on the provider’s refusal to provide a single medical record. Bayfront took over nine months to produce documents. More importantly, the settlement indicates that OCR is adding teeth to what was once oft-ignored “right of access” provisions of this health information privacy law.

What can I do about HIPAA compliance as a doctor or administrator?

If you are a doctor, dentist, or any other HIPAA covered entity — or if you’re not sure if you’re subject to HIPAA — IDEAL Business Partners will help you understand every aspect of the law, including those related to right of access obligations. IDEAL works with medical providers and healthcare professionals, onsite as necessary, to update all HIPAA policies and procedures. Once update, IDEAL will train all staff members to ensure organizations compliance.

Email IDEAL Business Partners for a HIPAA Compliance Checkup and IDEAL will provide the initial consultation. Subscribe for more articles regarding common compliance mistakes with tips on how to avoid them.


Related Insights