Under the HIPAA Right of Access Initiative, UCMC has agreed to pay a $65,000 HIPAA fine, adopt a corrective action plan, and is subject to two years of OCR monitoring.
“OCR is committed to enforcing patients’ right to access their medical records, including the right to direct electronic copies to a third party of their choice. HIPAA covered entities should review their policies and training programs to ensure they know and can fulfill all their HIPAA obligations whenever a patient seeks access to his or her records,” said Roger Severino, OCR Director.
What is the HIPAA Right of Access?
The HIPAA Right of Access requires healthcare organizations to provide patients access to requested records within 30 days of the request. The records must be provided in the format that is requested, as long as it is reasonably possible to do so. When not possible to provide records in the requested format, an alternate format is permitted. The HIPAA Right of Access also states that providers can only charge a reasonable cost-based fee for record access, for instance, a provider can charge a patient for paper or a CD used to provide the records, but cannot charge for time spent gathering the records.