Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About

Trending Topics

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni

    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor & Employment
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations

    Industries

    View All

    • Cannabis
    • Consumer
    • Energy
    • Entertainment
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Non Profit
    • Real Estate
    • Technology

    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    1. Home
    2. Insights
    3. Articles
    4. Five enforcement actions signal continuing OCR focus on HIPAA right of accessArticles

    Article

    Five enforcement actions signal continuing OCR focus on HIPAA right of access

    Dec 30, 2021

    Share

    By Valerie Montague

    Healthcare providers should ensure that they are responding properly to patient records requests, and charging compliant copy fees.

    On November 30, 2021, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services released five more enforcement actions under its HIPAA Right of Access Initiative (the Initiative). The Initiative is intended to ensure that individuals receive timely access to their health information at a reasonable cost. Since the Initiative was announced in 2019, these settlements — which involve healthcare providers of all types and sizes — bring the total number of Initiative enforcement actions to 25. 

    Subject to limited exceptions, the HIPAA Privacy Rule requires that a covered entity afford a patient, or the patient’s personal representative, access to inspect and obtain a copy of the patient’s protected health information (PHI). The covered entity must act on a request for access no later than 30 days after its receipt of the request, with the ability to extend its response time for up to 30 days with notification to the individual. The covered entity is limited to charging only a reasonable, cost-based fee for the copy of the PHI, and any fee also must comply with applicable state law requirements.

    The recent enforcement efforts include two of the higher financial penalties of the Initiative’s enforcement actions: a financial settlement of $160,000 with Rainrock Treatment Center, LLC (d/b/a Monte Nido Rainrock) and a civil money penalty of $100,000 with Dr. Robert Glaser. Three of the enforcement actions require the covered entities to adhere to two-year corrective action plans (CAPs) and one requires a one-year CAP.

    These enforcement actions also continue trends seen in the Initiative’s prior enforcement. For example:

    • Organizations of all types and all sizes are struggling with the right of access requirement. The enforcement actions under the Initiative highlight that challenges complying with the right of access requirement are not unique to small providers or certain types of clinical entities. The recent five enforcement actions involve both a solo practitioner and larger clinical practices, including a multi-site provider.
    • Entities being investigated by OCR should cooperate with such investigations. A major theme in the Initiative enforcement actions is that OCR often reached out to the entity and provided technical assistance, but several entities did not, or did not fully, implement the guidance from OCR. This is seen acutely in the enforcement action against Dr. Glaser, because OCR advised his practice in 2017 to evaluate a patient’s request for access and to provide access if the patient’s requests complied with the HIPAA access requirements. After OCR received a second complaint from the same patient in 2018, OCR opened an investigation and requested information from the practice. After repeated outreach, OCR issued a civil money penalty for violating the right to access requirement when the practice failed to provide the requested information. Covered entities should take advantage of any technical assistance offered by OCR to ensure that they are providing appropriate medical record access to individuals; doing so may prevent an enforcement action or lessen a financial settlement or the length or terms of a CAP.
    • Covered entities should ensure that they have enacted compliant policies and procedures addressing the HIPAA right of access requirements. In the recent enforcement action against the Denver Retina Center, an ophthalmological services provider, OCR determined that the practice not only did not provide a patient with access to their records, but also did not have compliant policies and procedures for the HIPAA right of access, leading to a financial settlement of $30,000 and a two-year CAP. In its investigation of a right of access complaint against the Wake Health Medical Center, a primary care medical group, OCR discovered that the practice charged a flat fee for medical record copies, regardless of the size of the records. The two-year CAP requires Wake Health to revises its policies and procedures to identify methods for calculating a reasonable, cost-based fee for medical record copies.

    These recent enforcement actions emphasize not only that covered entities should have a process in place to respond to access requests in a compliant manner, but it is also important to ensure that their workforces are trained to understand patients’ access rights and the covered entity’s obligations for the same.

    These latest five enforcement actions under the Initiative also emphasize that healthcare providers must continue to take their obligations to provide patients with timely access to PHI and limit costs for such access as required by HIPAA and state law.

    PrivacyHealthcareHIPAA

    Practices

    Cybersecurity & PrivacyHealthcare

    Insights And Happenings

    • Article

      OCR issues reminder of security incident obligations

      Oct 28, 2022

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • © 2023 Nixon Peabody. All rights reserved
    • Privacy Policy
    • Terms of Use
    • Statement of Client Rights
    • Supplier Diversity Program
    • Nixon Peabody International LLC
    • PAL