The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) continues its right of access enforcement initiative, announcing two settlements within two days of each other. More details on the right of access violation settlements are discussed.
Renown Health $75,000 Right of Access Violation Settlement
On February 10, 2021, HHS’ OCR announced its fifteenth right of access violation settlement with Renown Health. OCR launched an investigation into Renown after receiving a patient complaint in February 2019 alleging that the healthcare provider failed to respond to a patient’s request for medical records. The investigation determined that Renown potentially violated the HIPAA right of access standard. To settle the matter, Renown agreed to pay a $75,000 fine, implement a corrective action plan, and be subjected to two years of OCR monitoring.
The provisions of the corrective action plan require Renown to revise policies and procedures to reflect Renown’s obligation to comply with the right of access standard. This includes outlining access protocols, and training staff on how to comply with records requests.
Sharp HealthCare $70,000 Right of Access Violation Settlement
On February 12, 2021, HHS’ OCR announced its sixteenth right of access violation settlement with Sharp HealthCare. After receiving a complaint in June 2019 from a patient’s personal representative that Sharp failed to provide the patient with requested records, HHS’ OCR launched an investigation. The investigation concluded within two weeks of the complaint, and OCR provided Sharp with technical assistance so that they may comply with the records request. However, OCR received a second complaint after Sharp failed to provide the records until October 2019, well past the 30-day allowance for compliance. As a result, Sharp agreed to pay a $70,000 fine, implement a corrective action plan, and be subjected to two years of OCR monitoring.
The provisions of the corrective action plan require Sharp to develop policies and procedures in relation to complying with the right of access standard. As part of this requirement, Sharp must include an accurate definition of a Designated Record Set, and train staff members on fulfilling access requests.
Need assistance with HIPAA compliance? Compliancy Group can help! They help you achieve HIPAA compliance with Compliance Coaches® guiding you through the entire process. Find out more about the HIPAA Seal of Compliance® and Compliancy Group. Get HIPAA compliant today!