All Blogs

First Medical Records Patient Access HIPAA Fine Issued


Posted Sep 12, 2019
Share: Share on Facebook Share on Twitter Share on LinkedIn
All Blogs

First Medical Records Patient Access HIPAA Fine Issued

Posted September 12, 2019
Share: Share on Facebook Share on Twitter Share on LinkedIn
HIPAA Violation nurse giving patient medical records

You may have recently seen the announcement that the U.S. Department of Health and Human Services (HHS) and the Office of Civil Rights (OCR) had their first patient access enforcement action.

The $85,000 payment wasn’t recorded as an actual HIPAA violation, but as as settlement with Bayfront Health of St. Petersburg (Bayfront). So, why should your medical practice care about a hospital having to pay a large HIPAA violation fine?

OCR HIPAA Violation Complaints Rising, Easy to File

This $85,000 settlement is important because of its source. A patient filed a HIPAA-related complaint directly to the OCR. Also, HIPAA-related complaints continue to rise. Between 2015 and 2017, the number of HIPAA-related complaints increased by 39%.

To further increase your risk, it’s easier than ever for patients to submit a HIPAA violation complaint against you. If you haven’t visited the OCR website lately you should. You’ll find a link right on the homepage to “file a complaint to the OCR.”  Once you click through a few more pages there are some questions to help determine if the complaint is viable.

HIPAA Violations for Patient Access Tops Focus List

It’s interesting to note, that even though there are numerous types of HIPAA violation complaints someone can file, the only one singled out in these questions is a patient’s right to access their records. This reiterates OCR’s promise earlier this year to vigorously enforce the rights of patients to have access to their medical records promptly via their Right of Access Initiative. Also, patient access is a key focus in current HIPAA phase 2 audits.

Patient Access Violations Are an OCR Target

It’s interesting to note that even though there are numerous types of HIPAA violations that can be reported, the only one singled out on the OCR’s complaint questionnaire is a patient’s right to access their records. This reiterates OCR’s promise earlier this year to vigorously enforce the rights of patients to have access to their medical records promptly via their Right of Access Initiative. Also, patient access has been identified as a key focus in HIPAA phase 2 audits.

Medical Practices Under Scrutiny for HIPAA Violations

When you think about it, medical practices have even more at risk related to the financial consequences of a HIPAA violation than large institutions. Sure, hospitals may be targeted more often for these violations, but they also have larger bank accounts to protect themselves in the event they have to pay a penalty.

Here’s some more data to demonstrate that medical practices are being held financially accountable for HIPAA violations: In a report submitted to Congress on February 19, 2019, the OCR included 29 of their Significant Activities between 2015 and 2017. Approximately 31% of the cases included were related to physician practices (including one ASC). These non-hospital cases resulted in $12.9 million being paid to the OCR.

Bottom line: Your practice is not safe, regardless of its size or specialty. Your only protection against a HIPAA violation is to comply with personal health information regulations, which is sometimes easier said than done. If you don’t, you risk getting hit with massive penalties and fines that could have a significantly negative impact on your practice.

Training Protects Practices from Costly HIPAA Violation Fines

Finally, several of our training sessions are geared to specifically help medical practices protect themselves against HIPAA violations and their consequences. These trainings provide actionable advice from industry experts directly to medical practices to help them overcome the most challenging HIPAA rules that affect medical practices.

Topics include: Releasing Medical Records, Patient Access to Records, Retention and Destruction of Information, Allowable Record Duplication Charges, Breach Identification, and How and When to Report a Breach. You can read more about these trainings on our website.

If you want to read the OCR’s actual announcement of Bayfront settlement and the resolution agreement, you can find it here.

Commonly Purchased Medical Records Online Trainings and Resources

 

Meet Your Writer

Samantha (Sam) Saldukas

President, Healthcare Training Leader

Samantha (Sam) Saldukas started Healthcare Training Leader in 2012 after working as a leader in healthcare information for 20+ years. She wakes up every morning striving to help physician and dental offices improve the business-side of their practices. Her background in nursing and running her husband’s practice makes her passionate about figuring out how to help your practice succeed. More than 5 years later, thousands of practices have turned to Healthcare Training Leader for affordable, easy-access solutions to their most challenging business and regulatory issues. Some of the key topics include coding, billing, compliance, credentialing and practice management. Healthcare Training Leader guarantees the quality of every single training it offers.  Each session is backed by a money-back  guarantee of satisfaction to ensure you get what you need.