You may have recently seen the announcement that the U.S. Department of Health and Human Services (HHS) and the Office of Civil Rights (OCR) had their first patient access enforcement action.
The $85,000 payment wasn’t recorded as an actual HIPAA violation, but as as settlement with Bayfront Health of St. Petersburg (Bayfront). So, why should your medical practice care about a hospital having to pay a large HIPAA violation fine?
OCR HIPAA Violation Complaints Rising, Easy to File
This $85,000 settlement is important because of its source. A patient filed a HIPAA-related complaint directly to the OCR. Also, HIPAA-related complaints continue to rise. Between 2015 and 2017, the number of HIPAA-related complaints increased by 39%.
To further increase your risk, it’s easier than ever for patients to submit a HIPAA violation complaint against you. If you haven’t visited the OCR website lately you should. You’ll find a link right on the homepage to “file a complaint to the OCR.” Once you click through a few more pages there are some questions to help determine if the complaint is viable.
HIPAA Violations for Patient Access Tops Focus List
It’s interesting to note, that even though there are numerous types of HIPAA violation complaints someone can file, the only one singled out in these questions is a patient’s right to access their records. This reiterates OCR’s promise earlier this year to vigorously enforce the rights of patients to have access to their medical records promptly via their Right of Access Initiative. Also, patient access is a key focus in current HIPAA phase 2 audits.
Patient Access Violations Are an OCR Target
It’s interesting to note that even though there are numerous types of HIPAA violations that can be reported, the only one singled out on the OCR’s complaint questionnaire is a patient’s right to access their records. This reiterates OCR’s promise earlier this year to vigorously enforce the rights of patients to have access to their medical records promptly via their Right of Access Initiative. Also, patient access has been identified as a key focus in HIPAA phase 2 audits.
Medical Practices Under Scrutiny for HIPAA Violations
When you think about it, medical practices have even more at risk related to the financial consequences of a HIPAA violation than large institutions. Sure, hospitals may be targeted more often for these violations, but they also have larger bank accounts to protect themselves in the event they have to pay a penalty.
Here’s some more data to demonstrate that medical practices are being held financially accountable for HIPAA violations: In a report submitted to Congress on February 19, 2019, the OCR included 29 of their Significant Activities between 2015 and 2017. Approximately 31% of the cases included were related to physician practices (including one ASC). These non-hospital cases resulted in $12.9 million being paid to the OCR.
Bottom line: Your practice is not safe, regardless of its size or specialty. Your only protection against a HIPAA violation is to comply with personal health information regulations, which is sometimes easier said than done. If you don’t, you risk getting hit with massive penalties and fines that could have a significantly negative impact on your practice.
Training Protects Practices from Costly HIPAA Violation Fines
Finally, several of our training sessions are geared to specifically help medical practices protect themselves against HIPAA violations and their consequences. These trainings provide actionable advice from industry experts directly to medical practices to help them overcome the most challenging HIPAA rules that affect medical practices.
Topics include: Releasing Medical Records, Patient Access to Records, Retention and Destruction of Information, Allowable Record Duplication Charges, Breach Identification, and How and When to Report a Breach. You can read more about these trainings on our website.
If you want to read the OCR’s actual announcement of Bayfront settlement and the resolution agreement, you can find it here.
Commonly Purchased Medical Records Online Trainings and Resources
-
Medical Records Retention & Destruction Rule Changes$247.00 – $257.00
-
2-Part Medical Records Training SeriesFrom: $0.00
-
HIPAA: Avoid Medical Record Copying Fee Violations$247.00 – $257.00