OCR Settles 5 HIPAA Right of Access Complaints

On November 30, 2021, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the resolution of five HIPAA right of access investigations. OCR settled four right of access complaints, with providers in Ohio, Colorado, Oregon and North Carolina. OCR imposed a civil monetary penalty (CMP) on a fifth provider, a cardiologist in Long Island (New Hyde Park), New York. OCR imposed a penalty [...]

2022-05-06T17:03:48-04:00December 3rd, 2021|

OCR Settles 19th HIPAA Right of Access Case

Since 2019, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has brought a number of enforcement actions against healthcare providers for their failure to comply with the HIPAA Privacy Rule’s right of access standard. This standard requires providers to give patients timely access to their medical records. Recently, OCR announced its 19th settlement under its 2019 right [...]

2022-05-06T14:44:01-04:00June 2nd, 2021|

Healthcare Groups Push Back on Proposal to Modify HIPAA Privacy Rule

In January of 2021, the Department of Health and Human Services (HHS) published a Notice of Proposed Rulemaking (Notice) to modify the HIPAA Privacy Rule. HHS has proposed to modify the Privacy Rule right of access provision by (among other measures) requiring providers, at an individual’s request, to mail or electronically transmit PHI to or through the individual’s personal health application (PHA). HHS seeks to define PHAs as [...]

2021-05-21T12:03:22-04:00May 14th, 2021|

OCR Fines Village Plastic Surgery for Stretching HIPAA Right of Access Rule

In late March of 2021, the Department of Health and Services (HHS) Office for Civil Rights (OCR) settled with New Jersey-based Village Plastic Surgery (VPS) for a potential violation of the HIPAA right of access rule. The $30,000 settlement requires VPS to undergo a two-year corrective plan (CAP). The details of the settlement are discussed below. Village Plastic Surgery HIPAA Right of Access Rule Violation [...]

2022-05-06T14:44:03-04:00March 26th, 2021|

$65,000 Right of Access Violation Settlement

The Department of Health and Human Services’ (HHS) Office for Civil Rights recently announced its seventeenth settlement of an enforcement action under its HIPAA Right of Access Initiative. The Arbour, Inc., doing business as Arbour Hospital (Arbour), has agreed to pay $65,000 to settle a potential right of access standard violation. Arbor has also agreed to submit to a one-year corrective action plan (CAP). More details on the [...]

2022-05-06T14:44:03-04:00March 24th, 2021|

Sharp HealthCare Pays $70,000 to Settle Potential Right of Access Violation

In February of 2021, Sharp HealthCare, doing business as Sharp-Rees Stealy Medical Centers (SRMC), paid $70,000 to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to settle a potential violation of the HIPAA Privacy Rule right of access standard. The Sharp settlement has become OCR’s sixteenth settlement under OCR’s right of access initiative. Under this initiative that began in 2019, OCR continues to [...]

2022-05-06T14:44:07-04:00February 12th, 2021|

Renown Health Fined $75,000 Under HIPAA Right of Access Initiative

Not-for-profit Nevada health system Renown Health, P.C., has agreed to pay $75,000 to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to settle a potential violation of the HIPAA Privacy Rule right of access provision. The settlement is a product of HHS’ Right of Access Initiative. Under this initiative, OCR established cracking down on providers who fail to grant timely patient access to [...]

2022-05-06T14:44:07-04:00February 10th, 2021|

Remote Workers and HIPAA: How You Can Keep Your Healthcare Business Secure

With more and more remote workers in the healthcare space, PHI security should be a top concern. A recent survey determined that 44% of employees are currently working from home, with several employers expecting workers to continue to work remotely permanently. So what does this mean for cybersecurity and HIPAA compliance? To provide healthcare organizations with guidance, remote workers and HIPAA is discussed. Remote Workers and HIPAA: Data [...]

2021-02-03T16:09:45-05:00February 1st, 2021|

First OCR Settlement Agreement of 2021 Announced

It’s not surprising that OCR kicked off 2021 by announcing yet another right of access fine. The fourteenth fine issued under OCR’s right of access initiative was a $200,000 fine issued to Banner Health ACE. The OCR settlement agreement is discussed in detail below. Banner Health ACE OCR Settlement Agreement Banner Health affiliated covered entities (Banner Health ACE), a non-profit health system with 30 hospitals, and primary [...]

2022-05-06T14:44:11-04:00January 13th, 2021|

2020 Right of Access Enforcement

2020 has been an unenviable year of firsts and of worsts. Add to this another undesirable record-breaker. In 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights issued a record 19 fines for failure to comply with the HIPAA regulations. 11 of the fines issued were for a failure to comply with the HIPAA Privacy Rule’s right of access. The message of OCR 2020 [...]

2022-05-06T14:44:11-04:00January 11th, 2021|