Compliance Today (January 2021)
The Office for Civil Rights (OCR) at the U.S. Department of Health & Human Services (HHS) has been vigorously enforcing patients’ right to access their medical records under the Health Insurance Portability and Accountability Act (HIPAA).[1] According to an October 9 notice, the OCR has settled nine such investigations in its HIPAA Right of Access Initiative.[2]
In a blog post[3] put together by Waller law firm professionals, the initiative is discussed alongside other rules affecting an individual’s right to access their records, specifically the 21st Century Cures Act’s interoperability and information-blocking rules:
“Under these Rules, a patient’s request for records (as well as others) must be provided in compliance with the Information Blocking Rule requirements or the Health IT developer and healthcare providers risk enforcement…[or potentially be subject to] penalties of up to $1 million per violation.”
1 Theresa Defino, “Four New OCR Settlements Feature Breaches, Shared Passwords, Records Access—Again,” Report on Patient Privacy 20, no. 11 (November 5, 2020), https://bit.ly/2InvBeW.
2 Office for Civil Rights, “OCR Settles Ninth Investigation in HIPAA Right of Access Initiative,” U.S. Department of Health & Human Services, October 9, 2020, https://bit.ly/35NUFnx.
3 Beth Pitman and Nathan Kottkamp, “‘Right of access’ initiative leads to nine settlements,” Waller Lansden Dortch & Davis LLP blog, October 12, 2020, https://bit.ly/34K87cO.
[View source.]