HIPAA Blog

[ Wednesday, September 16, 2020 ]

 

 Yesterday OCR announced 5 new settlements involving covered entities that failed or refused to provide patients with access to their PHI, as required by HIPAA.  

In addition to restrictions on uses and disclosures of PHI, HIPAA also grants individuals 6 rights with regard to their PHI.  While the capstone is the right to receive a Notice of Privacy Practices (an explicit recitation of the "rule of the road" that the covered entity must comply with), the second-most important is the right of individuals to access their own PHI.  

In my opinion, the OCR statement is good in a number of ways; first, it gives some specifics of how the various entities failed, several of which had multiple opportunities to fix the problem without paying a fine but failed to take effective action.  Secondly, the fines are reasonable, given the crimes.  Too often, OCR hits only a few offenders and levies astronomical fines, in the apparent hope that others will learn by example; I think they would do better with more, but lower dollar, fines.


Jeff [1:00 PM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template