The Office for Civil Rights (OCR) at HHS announced the resolution of eleven investigations in its HIPAA Right of Access Initiative, bringing the total number of these enforcement actions to 38 since the initiative began. Providers found to be in violation of the HIPAA Right of Access rule were given fines ranging from $3,500 to $240,000!
After receiving a request, an entity that is regulated by HIPAA has, absent an extension, 30 days to provide an individual or their representative with their records in a timely manner.
The OCR has treated the HIPAA Right of Access Initiative as an enforcement priority since 2019, although many “non-essential” enforcement actions have slowed or paused due to the COVID-19 pandemic. While enforcement may be slow in the near future, as the country re-opens enforcement actions will undoubtedly increase.
Although you probably have other issues on your mind, now is a good time to remind your staff about HIPAA Right of Access. Do you really to pay a huge fine because you failed to provide a patient’s medical records? A few minutes of effort can save you from being the target of a Federal investigation. Don’t let your practice be featured in the next press release from HHS!