Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About

Trending Topics

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni

    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor & Employment
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations

    Industries

    View All

    • Cannabis
    • Consumer
    • Energy
    • Entertainment
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Non Profit
    • Real Estate
    • Technology

    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    1. Home
    2. Insights
    3. Articles
    4. OCR continues to push its Right of Access Initiative through recent enforcement actionsArticles

    Article

    OCR continues to push its Right of Access Initiative through recent enforcement actions

    May 4, 2021

    Share

    By Valerie Montague

    Failing to provide patients with timely access to their health information can lead to fines and other enforcement actions for health care providers.

    On March 24 and 26, 2021, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced two settlements, its seventeenth and eighteenth in its HIPAA Right of Access Initiative. 

    In the first, OCR detailed how, in mid-2019, it received a complaint from an individual regarding a delay receiving records from The Arbour, Inc. d/b/a Arbour Hospital, a Massachusetts behavioral health hospital (“The Arbour”). The HIPAA regulations require covered entities to respond to requests for access to protected health information (PHI) within 30 days (60 days if the facts permit an extension). OCR provided technical assistance to The Arbour regarding the HIPAA requirements governing an individual’s right to access their PHI and closed the matter. However, OCR received a second complaint from the same individual a week later, detailing that The Arbour still had not provided access, prompting OCR to investigate.

    The OCR Resolution Agreement with The Arbour stated that it found that The Arbour failed to provide an individual with timely access to their PHI, explaining that it took the facility nearly five months to provide the requested access. The Arbour agreed to pay $65,000 to OCR and enter into a Corrective Action Plan. 

    In the second settlement, Village Plastic Surgery (“VPS”), a New Jersey cosmetic plastic surgery practice, also was the subject of a 2019 complaint to OCR regarding the failure to provide access to PHI in a timely manner. OCR investigated and determined that the access failure was a potential violation of the HIPAA regulations. While the patient ultimately received their PHI, OCR entered into a settlement whereby VPS agreed to pay $30,000 and enter into a corrective action plan.

    These settlements highlight OCR’s continued emphasis on a patient’s right to access their PHI in a timely manner, which also may overlap with the health care provider’s obligations under the Information Blocking Rule. Unlike other HIPAA enforcement actions, enforcement under the Right of Access Initiative show that OCR is willing to impose penalties for just one alleged HIPAA violation, rather than limiting its enforcement to entities engaged in systemic noncompliance. 

    In addition, OCR’s settlement with The Arbour illustrates for HIPAA covered entities and business associates that they should take advantage of an opportunity presented by OCR for technical assistance on compliance with the HIPAA regulations; complying with OCR’s instructions may have avoided The Arbour’s financial settlement and corrective action plan.

    As an entity is only as strong as its workforce, HIPAA covered entities also should ensure that personnel responding to access requests understand the HIPAA requirements, including the timeframes for providing access or a denial of access. Workforce members must understand the covered entity’s process for addressing any issues that arise in the access request process, and doing so in a timeframe that keeps the entity compliant.

    PrivacyHIPAA

    Practices

    Cybersecurity & PrivacyLife Sciences & Healthcare Compliance and InvestigationsHealthcare Dispute ResolutionHealthcare Regulatory & ComplianceHealthcare

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • © 2023 Nixon Peabody. All rights reserved
    • Privacy Policy
    • Terms of Use
    • Statement of Client Rights
    • Supplier Diversity Program
    • Nixon Peabody International LLC
    • PAL