HIPAA Right to Access Failures – Continued Penalties for Providers

By: Kristen Andrews Wilson

Published: September 24, 2020

Under the HIPAA Privacy Rule, individuals have a right to timely access their medical records at a reasonable cost. With some exceptions, a health care provider must provide those records without reasonable delay and within thirty days of receiving the request. The Department of Health and Human Services Office for Civil Rights (“OCR”) has stated that one of its enforcement priorities is its HIPAA right to access initiative.

OCR recently imposed penalties ranging from $3,500 to $70,000 on five health care providers who failed to provide patients with timely access to their medical records. This recent enforcement action follows penalties levied against two health care providers in 2019, each in the amount of $85,000, for right to access failures.

In addition to monetary penalties, these five providers will be monitored by OCR and are required to submit Corrective Action Plans. All five investigations were initiated by patient complaints. Providers should review their right to access policies and procedures and monitor compliance with those procedures to confirm that patients are able to timely access their medical records.

If you have questions about complying with this and any other aspect of HIPAA, please contact one of the authors of this alert.

Stay informed. Sign up for our mailing lists.

Stay Informed

All of our news and resources are shared electronically. Select your preferred list(s) below.(Required)