Right of Access Fine

OCR announced the eighth right of access fine issued this year. St. Joseph’s Hospital and Medical Center was fined $160,000 for failing to comply with the HIPAA right of access. More details on the right of access fine are discussed below.

St. Joseph’s Hospital and Medical Center Right of Access Fine

On April 25, 2018 the Department of Health and Human Services’(HHS) Office for Civil Rights (OCR) received a complaint about St. Joseph’s Hospital and Medical Center (SJHMC). The complaint claimed that the healthcare provider failed to provide a minor patient’s mother with access to her son’s medical records.

The mother, who first made the request for copies of her son’s medical records in January 2018, claimed that SJHMC did not provide her with all of the records she requested. Although the mother issued follow up requests for records (requesting the records seven times between January 2018 and May 2018), SJHMC had still not provided her access to the full records.

Why Compliancy Group?

HIPAA Compliance is an important part of your business, so why not use someone you can trust? Compliancy Group is the only compliance firm to be listed on both Inc. 2020 Best Places to Work and 2020 Inc. 5000 list of the fastest-growing private companies in America. By working with us, you are welcomed into the safety of our family.

Put your trust in us

Upon investigation, OCR found that SJHMC had potentially violated the HIPAA right of access. SJHMC finally provided the mother with access to the records, after OCR involvement, on December 19, 2019, 22 months after her initial request.

“It shouldn’t take a federal investigation to secure access to patient medical records, but too often that’s what it takes when health care providers don’t take their HIPAA obligations seriously.  OCR has many right of access investigations open across the country, and will continue to vigorously enforce this right to better empower patients,” said Roger Severino, OCR Director.

To read more about the most recent right of access fine, please click here.

What is the HIPAA Right of Access?

The right of access requires healthcare providers to provide requested records to patients, or their personal representative, within 30 days of the request. Records must be provided in the format requested (i.e., paper, electronic medical records, etc.) unless the provider cannot reasonably do so, in which case an alternative format is acceptable. Under the right of access, providers can charge a cost-based fee for access to records, such as if the patient requests records to be provided on a CD, the provider can charge for the cost of the CD.

Need Help with HIPAA?

Let our complete HIPAA solution handle it.