HIPAA Blog

[ Sunday, March 31, 2024 ]

Another "Right of Access" Settlement: OCR has entered into its 47th settlement with a HIPAA covered entity or business associate accused of failing to grant an individual access to his/her PHI. As you know, in addition to 5 other rights specifically granted to individuals under HIPAA, except for a few specific types of data, covered entities and business associates must allow individuals to access and get a copy of their PHI, if it's in a designated record set. A few years ago, OCR started vigorously enforcing this, and it doesn't look like they're going to stop any time soon. This time, the fine is $35,000, in line with recent right-of-access settlements.

There are a few reasons why a covered entity won't give an individual access to their PHI, but many times it's not a good reason (the covered entity doesn't want to make it easy for a patient to find another provider). Take this as fair warning -- if the patient asks, give them the data, unless you have a VERY good reason.

Jeff [9:15 AM]

Comments: Post a Comment

http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template