HHS enforcement efforts in 2020 focused on ensuring that healthcare organizations comply with the HIPAA right of access initiative, as evidenced by the eleven HIPAA violation fines issued in 2020. To offer guidance on compliance, this article discusses the 2020 HIPAA violation fines pertaining to the right of access. The December Telehealth.org article, More HIPAA Right of Access Violations Reported by OCR, explained the HIPAA Right of Access Initiative and what is considered a HIPAA violation.
HIPAA Fines 2020 and the Right of Access
Clients and patients have been complaining that they cannot get answers to the question, “Why can’t I view my medical record online?” or, in some cases, cannot view their records in any form. The HIPAA right of access requires healthcare providers to provide patients, or their personal representatives, with copies of their medical records within 30 days of the request. The records must be provided in the format requested so long as it is reasonably appropriate for the organization. When the records cannot be provided in the requested format, an alternative format is permitted. Also, healthcare providers can only charge a reasonable cost-based fee for providing copies of medical records.
The organizations that violated the right of access in 2020 were all fined for failing to provide timely access to medical records.
- Housing Works Inc. – Fined $38,000: provided records 5 months after the initial request.
- All Inclusive Medical Services Inc. – Fined $15,000: provided records 31 months after the initial request.
- Beth Israel Lahey Health Behavioral Services – Fined $70,000: provided records 8 months after the initial request.
- King MD – Fined $3,500: provided records 23 months after the initial request.
- Wise Psychiatry PC – Fined $10,000: provided records 18 months after the initial request.
- Joseph’s Hospital and Medical Center – Fined $160,000: provided records 22 months after the initial request.
- NY Spine Medicine – Fined $100,000: provided records 15 months after the initial request.
- Riverside Psychiatric Medical Group – Fined $25,000: provided records 19 months after the initial request.
- Rajendra Bhayani – Fined $15,000: provided records 26 months after the initial request.
- University of Cincinnati Medical Center – Fined $65,000: provided records 6 months after the initial request.
- Elite Primary Care – Fined $36,000: provided records 13 months after the initial request.
HIPAA Right of Access and Psychotherapy Notes
One of the fined organizations, Riverside Psychiatric Medical Group, mistakenly believed that because a patient requested medical records containing psychotherapy notes, the organization did not have to provide the patient with any of their records. This is incorrect. Although HIPAA does not require the disclosure of psychotherapy notes, an organization is still required to provide the patient with their other records.