HIPAA Right of Access, HIPAA Fines 2020, HIPAA Violation Fines

HIPAA Right of Access Violation Fines 2020


January 14, 2021 | Reading Time: 2 Minutes

Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker. How

HHS enforcement efforts in 2020 were focused on ensuring that healthcare organizations comply with the HIPAA right of access initiative, made evident by the eleven HIPAA violation fines issued in 2020. To guide on complying with it, HIPAA violation fines 2020 pertaining to the right of access are discussed. The December article of Telehealth.org called More HIPAA Right of Access Violations Reported by OCR explained the HIPAA Right of Access Initiative and what is considered a HIPAA violation.

HIPAA Fines 2020 and the Right of Access

Clients and patients have been complaining that they cannot get answers to the question, “Why can’t I view my medical record online” or in some cases, view their records in any form. The HIPAA right of access requires healthcare providers to provide patients, or their personal representatives, with copies of their medical records within 30 days of the request. The records must be provided in the format requested so long as it is reasonably appropriate for the organization. When the records cannot be provided in the requested format, an alternative format is permitted. Also, healthcare providers can only charge a reasonable cost-based fee for providing copies of medical records.

The organizations that violate the right of access in 2020 were all fined for failure to provide timely access to medical records.

  • Housing Works Inc. – Fined $38,000: provided records 5 months after the initial request.
  • All Inclusive Medical Services Inc. – Fined $15,000: provided records 31 months after the initial request.
  • Beth Israel Lahey Health Behavioral Services – Fined $70,000: provided records 8 months after the initial request.
  • King MD – Fined $3,500: provided records 23 months after the initial request.
  • Wise Psychiatry PC – Fined $10,000: provided records 18 months after the initial request.
  • Joseph’s Hospital and Medical Center – Fined $160,000: provided records 22 months after the initial request.
  • NY Spine Medicine – Fined $100,000: provided records 15 months after the initial request.
  • Riverside Psychiatric Medical Group – Fined $25,000: provided records 19 months after the initial request.
  • Rajendra Bhayani – Fined $15,000: provided records 26 months after the initial request.
  • University of Cincinnati Medical Center – Fined $65,000: provided records 6 months after the initial request.
  • Elite Primary Care – Fined $36,000: provided records 13 months after the initial request.

HIPAA Right of Access and Psychotherapy Notes

One of the fined organizations, Riverside Psychiatric Medical Group, falsely believed that since a patient requested medical records containing psychotherapy notes, the organization did not have to provide the patient with any of their records. However, this is untrue. Although HIPAA does not require the disclosure of psychotherapy notes, an organization is still required to provide the patient with their other records.

Essential Telehealth Law & Ethical Issues

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

Therapist AI & ChatGPT: How to Use Legally & Ethically

Immerse yourself in our highly-engaging eLearning program and delve into the uncharted territory of Artificial Intelligence (AI) in Behavioral Healthcare!

HIPAA Compliant Cybersecurity for Professionals

Must-know information about how to protect your telehealth practice from a ransomware attack. Operate w/ EYES WIDE OPEN.

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. Some of Telehealth.org’s blog content is generated with the assistance of ChatGPT. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.

Was this article helpful?

Please share your thoughts in the comment box below.

Notify of
Inline Feedbacks
View all comments

Register for Free

Receive Any of Our 57 FREE Newsletters!


Most Popular Blog Topics

You May Also Like…

ChatGPT HIPAA Considerations
ChatGPT HIPAA Considerations

ChatGPT HIPAA compliance is one of the hottest topics at 2023 conferences and with good reason. AI...