November 23, 2024
Volume XIV, Number 328
Home
Legal Analysis. Expertly Written. Quickly Found.
HB Ad Slot
HB Mobile Ad Slot
OCR Announces Second $85,000 Settlement for Alleged Violations of the Individual Right of Access under HIPAA
Thursday, December 19, 2019

On December 12, 2019, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced its second “HIPAA Right of Access Initiativesettlement of alleged HIPAA violations.

The HIPAA Right of Access Initiative is a new effort in 2019 by OCR to monitor compliance with HIPAA requirements addressing patient rights to promptly access medical records, in a readily producible format, without being subject to excessive fees. OCR announced its first settlement under the Right of Access Initiative in September 2019 (see our analysis of that settlement here), and this settlement indicates a continued focus by OCR on HIPAA compliance by providers when responding to patient requests for records.

In this case, OCR entered into an $85,000 settlement with Korunda Medical, LLC (Korunda), a Florida-based primary care and pain management provider, after conducting an investigation which indicated that Korunda failed to provide a patient with timely access to protected health information in accordance with the Privacy Rule. According to the resolution agreement, Korunda’s alleged failure to comply with HIPAA’s right of access for individuals came after OCR had received a prior complaint and provided “technical assistance” to Korunda regarding the individual right of access under HIPAA. In addition to the monetary payment, OCR and Korunda entered into a one-year corrective action plan, under which Korunda is obligated review and revise its policies concerning access to medical records, provide workforce training on individual access rights, and submit a list of medical record access requests received by Korunda from individuals every 90 days to OCR after approval of its updated access policies.

This settlement reiterates the importance for covered entities and business associates to review their policies and procedures governing production of medical records in response to patient requests, and the importance of responding to patients in a timely manner. This settlement is also a warning to entities that receive technical assistance from OCR that the government is unlikely to overlook subsequent allegations of non-compliance following such assistance. Finally, it is interesting to note that the monetary settlement here – $85,000 – for alleged violations of HIPAA’s right of access is the same amount extracted by OCR in its first Right of Access Initiative settlement (despite the defendant in that case being a larger entity), suggesting that OCR may view that amount as a “floor” for resolution of potential violations under the HIPAA Right of Access Initiative.

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins