HHS Issues Another Settlement on Patient Access to Records

13th Settlement in Ongoing Effort to Enforce HIPAA Provision

Federal regulators have issued their 13th HIPAA settlement tied to failing to give a patient access to their records.

The $36,000 settlement and corrective action plan with Peter Wrobel, M.D., a vein specialist at Waycross, Georgia-based Elite Primary Care, was announced Tuesday by the Department of Health and Human Services’ Office for Civil Rights.

“Healthcare providers, large and small, must ensure that individuals get timely access to their health records, and for a reasonable cost-based fee,” says OCR Director Roger Severino.

Tardy Response

OCR says it received a complaint in April 2019 alleging that Elite Primary Care failed to respond to a patient's request for access to his medical records. In May 2019, OCR provided technical assistance to Elite on the HIPAA right of access requirements and closed the complaint.

But in October 2019, OCR received a second complaint alleging that Elite still had not provided the patient with access to his records. As a result of OCR’s second investigation, the patient finally received a copy of his records in May 2020, the agency says.

Since launching its initiative last year to ramp up enforcement of HIPAA’s requirement to provide patients with timely access to their records, OCR has issued a series of 13 HIPAA settlements with penalties ranging from $3,500 to $160,000.

Under the Elite Primary Care settlement’s corrective action plan, the practice must develop and distribute to staff written policies and procedures to comply with the right of access provision. It must also provide training to all workforce members who are involved in receiving or fulfilling records access requests.

Elite Primary Care did not immediately respond to an Information Security Media Group request for comment.

Tighter Deadlines Coming?

Under HIPAA, covered entities must fulfill patients' requests for copies of their health information within 30 days, in the format of their choice.

But that deadline could eventually be even tighter. Under a proposal issued by OCR this month to modify the HIPAA Privacy Rule, the compliance timeframe could potentially be reduced to 15 days (see: HHS Reveals Proposed Changes to HIPAA Privacy Rule).

About the Author

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.
