TRENDING:

Electronic Healthcare Records , Governance & Risk Management , HIPAA/HITECH

Sharp Healthcare Latest to Be Fined for Records Access Failure

Case Is HHS' 16th 'Right of Access' Enforcement Action Marianne Kolbasuk McGee (HealthInfoSec) • February 12, 2021    
Sharp Healthcare Latest to Be Fined for Records Access Failure

Continuing its initiative to ensure patients can access copies of their medical records, as HIPAA requires, federal regulators on Friday issued their 16th settlement in a records access case.

See Also: OnDemand | Making the Connection Between Cybersecurity and Patient Care

The $70,000 Department of Health and Human Services settlement with San Diego, Calif.-based Sharp Healthcare is the second right of access case announced this week. On Wednesday, HHS OCR revealed a $75,000 settlement with Nevada-based Renown Health.

The Complaint

HHS OCR says that in June 2019, it received a complaint alleging that Sharp failed to take timely action in response to a patient's records access request directing that an electronic copy of protected health information in an electronic health record be sent to a third party.

OCR says it provided Sharp with technical assistance on the HIPAA right of access requirements. But in August 2019, OCR received a second complaint alleging that Sharp still had not responded to the patient's records access request.

OCR initiated an investigation, and Sharp eventually provided access to the requested records.

Corrective Actions

As in OCR's 15 previous right of access settlements with other entities, in addition to the monetary settlement, Sharp will undertake a corrective action plan that includes two years of monitoring.

Under the resolution agreement with OCR, Sharp has agreed to take several corrective actions including developing written policies and procedures to comply with the HIPAA's right of access provision; distributing those policies and procedures to all members of the Sharp workforce; and providing its staff with training materials.

In a statement provided to Information Security Media Group Sharp says its dedicated to "providing patients with timely access to their medical records and ensuring their privacy by adhering to all requirements set forth in HIPAA and California law."

HHS OCR launched its "right of access" enforcement initiative in April 2019. Since then, the agency's 16 settlements in these cases have had financial penalties ranging from $3,500 to $200,000.

Previous
Notification of Breach Affecting 219,000 Delayed
Next
Water Treatment Hack Prompts Warning From CISA

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



Around the Network

Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.