HIPAA Blog

[ Tuesday, January 12, 2021 ]

First OCR settlement of 2021 continues a trend started in 2020: fining a covered entity for failing to provide an individual with access to his/her medical records. HIPAA provides 6 primary rights to individuals, one of which is the right to access their PHI. This has been a focus for OCR, and we start 2021 with Banner Health paying $200,000 for failing to provide a patient with timely access to her PHI on 2 different occasions.

Keep in mind that the HHS and ONC data blocking rules provide a parallel obligation to provide patients with access to their PHI (at least for providers, and likely for plans that use electronic medical records as well). So, failing to provide access can get you in trouble a couple of different ways. Many of these access issues are process problems and not conscious efforts to keep data away from patients (although some might be punitive), but that won't matter when OCR decides to fine you.

Now's a good time to start looking at your medical records office and how seamlessly they get requested records out. Don't send out what you shouldn't, but don't hold back what you should be sending.

Jeff [9:42 PM]

Comments: Post a Comment

http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template