5 HIPAA Violation Fines for Failing to Grant the Right of Access
On September 15, 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced that it had settled with five healthcare organizations that violated the HIPAA Right of Access provision. Each organization was subject to HIPAA violation fines and required to implement corrective action plans (CAPs).
What is the HIPAA Right of Access?
The HIPAA Right of Access dictates that patients, or their designated personal representative, have the right to request a copy of their medical records. Under this provision, healthcare providers must provide timely access to medical records, stating that requested records must be provided within 30 days of the request. Learn more about HIPAA Right of Access information provided by TBHI.
Beth Israel Lahey Health Behavioral Services
Beth Israel Lahey Health Behavioral Services (BILHBS), the largest provider of substance abuse and mental health services in eastern Massachusetts, was issued a $70,000 HIPAA violation fine for failure to provide timely access to medical records requested by a patient’s personal representative. They are also subject to one year of monitoring by OCR and must implement a CAP.
In February 2019, the personal representative requested access to her father’s medical records, but two months later she still had not received the records. She issued a complaint with OCR, and after an investigation, BILHBS finally gave her access to the records in October 2019.
King MD, a small psychiatric services provider based in Virginia, was issued a $3,500 HIPAA violation fine for failure to provide timely access to medical records. They are also subject to two years of monitoring by OCR and must implement a CAP.
In October 2018, a patient issued a complaint to the OCR after her request to receive a copy of her medical records had not been met. OCR contacted King MD to provide them technical assistance on how to meet the request. In February 2019, the patient issued another complaint that she had still not received her medical records. She finally received her records in July 2020.
Wise Psychiatry, PC
Wise Psychiatry, PC, a small psychiatric services provider based in Colorado, was issued a $10,000 HIPAA violation fine for failing to provide a personal representative with access to his minor son’s medical records. They are also subject to one year of monitoring by OCR and must implement a CAP.
In November 2017, the personal representative requested his son’s medical records but still had not received them in February 2018. After issuing a complaint to OCR, OCR provided technical assistance to Wise. However, in October 2018, the representative filed a second complaint since he still had not received his son’s medical records. After an OCR investigation, he finally received the records in May 2019.
All Inclusive Medical Services, Inc.
All Inclusive Medical Services, Inc. (AIMS), a multi-specialty family medicine clinic based in California, was issued a $15,000 HIPAA violation fine for refusing to give the patient access to her medical records. They are also subject to two years of monitoring by OCR and must implement a CAP.
In January 2018, a patient requested a copy of her medical records, but her request was denied. In April 2018, the patient issued a complaint with OCR, and OCR began its investigation into AIMS. The patient finally received her records in August 2020 after it was found that AIMS violated the HIPAA Right of Access provision.
Housing Works, Inc.
Housing Works, Inc., a non-profit healthcare organization based in New York City, was issued a $38,000 HIPAA violation fine for failing to provide a patient with his records. They are also subject to one year of monitoring by OCR and must implement a CAP.
In June 2019, a patient requested a copy of his medical records. In July 2019, he issued a complaint with OCR when he had not received the records. OCR conducted an investigation and provided Housing Works with technical assistance. However, in August 2019, the patient filed a second complaint when he still had not received his records. He finally received his records in November 2019.
Need assistance with HIPAA compliance? Compliancy Group can help! They help you achieve HIPAA compliance with Compliance Coaches® guiding you through the entire process. Find out more about the HIPAA Seal of Compliance® and Compliancy Group. Get HIPAA compliant today!
Your TBHI Professional Training Options
TBHI specializes in teaching you how to relax when delivering telehealth. It offers you a step-by-step learning path of online training that helps you be legally and ethically compliant, clinically proficient, and able to handle even the most difficult of clinical scenarios. Take advantage of COVID discount pricing to learn how to sit back and enjoy your telehealth experiences, rather than struggling with ZOOM fatigue and clinical uncertainty. All courses are evidence-based, available 24/7 through any device and most count toward legal and ethical requirements for licensure. Two micro certifications are also available.
- Telehealth Group Therapy — Exciting, highly interactive telehealth learning experience designed to get answers to your questions about legally and ethically managing telehealth group therapy. Digital class will allow you to connect with colleagues ahead of time to ask questions and share answers. Distinguished faculty will lead you through telehealth group therapy theory and exercises.
- Telehealth Clinical Best Practices Workshop — Live, interactive webinar, w/ 4 CME or CE hours to discuss preventing and handling complex clinical issues.
- Course Catalog
- Micro Certifications to give you a broader range of legal and ethical grounding, and allow you to distinguish yourself as a TBHI-credentialed professional on your websites, in social media, directories and other areas.