Blog

Eleven HIPAA Enforcement Actions Settled in July 2022

HIPAA
July 27, 2022
Here is a roundup of the OCR Settlements that were reached in July 2022 due to potential HIPAA violations, all relating to the Right of Access Initiative.

Eleven HIPAA Enforcement Actions Settled in July 2022

Just last week on July 15th, The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced that they have reached a resolution on a number of Right of Access Initiative investigations. On this day, they reported eleven, yes, you heard that right, eleven new resolutions stemming from potential Right of Access Initiative violations. 

This brings the grand total of settlements under this initiative to thirty-eight since the OCR dedicated themselves to this concept in mid-2019. The OCR has remained dedicated to ensuring that every patient is afforded access to the information that is stored on them, a right that HIPAA has long stated that they deserved. 

Now let’s get into a brief recap of these 11 potential violations, investigations and eventual resolutions. Here is the information on each of these violations, pulled directly from the HHS report. 

“OCR has taken the following enforcement actions and ensured that complainants received copies of their records:

  • ACPM Podiatry, with offices in Peoria and Canton, Illinois, failed to provide a former patient with his requested medical records.  In response to an initial complaint, OCR provided ACPM with written technical assistance regarding the Privacy Rule’s right of access standard and closed the matter. OCR received a second complaint from the same individual, alleging that ACPM still had not provided the medical records, after numerous requests. ACPM did not respond to multiple data requests from OCR, nor to OCR’s Letter of Opportunity and Notice of Proposed Determination.  OCR issued a Notice of Final Determination and imposed a civil money penalty of $100,000.
  • Associated Retina Specialists, of New York, failed to provide a patient with a copy of her medical records until three days after OCR initiated its investigation, and nearly five months after the complainant’s first written request. Associated Retina has agreed to take corrective actions and paid $22,500 to settle a potential violation of the HIPAA Privacy Rule right of access standard.
  • Lawrence Bell, Jr., D.D.S., a dental practice located in Baltimore, MD, failed to provide timely access to a patient’s medical record.  The dental practice has agreed to take corrective actions and has paid $5,000 to settle a potential violation of the HIPAA Privacy Rule's right of access standard.
  • Coastal Ear, Nose, and Throat (ENT), located in Ormond Beach, Florida, failed to provide timely access to medical records after multiple requests for such records from a patient. Coastal ENT has agreed to take corrective actions and has paid $20,000 to settle a potential violation of the HIPAA Privacy Rule's right of access standard
  • Danbury Psychiatric Consultants (DPC), located in Massachusetts, failed to respond timely to a complainant’s access request.  DPC also withheld the complainant’s access on the basis that the complainant had an outstanding balance and required a signed request or authorization request. DPC has agreed to take corrective actions and has paid $3500 to settle a potential violation of the HIPAA Privacy Rule's right of access standard.
  • Erie County Medical Center Corporation, a public benefit corporation that operates a hospital, Erie County Medical Center (ECMC), located in Buffalo, New York, failed to timely provide an individual with a complete copy of his medical records. ECMC has agreed to take corrective actions and has paid $50,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard.
  • Fallbrook Family Health Center, located in Nebraska, failed to provide timely access to medical records.  Fallbrook Family Health Center has agreed to take corrective actions and has paid $30,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard.
  • Hillcrest Nursing and Rehabilitation, located in Massachusetts, failed to provide an individual’s personal representative with timely access to her son’s medical records. Hillcrest has agreed to take corrective actions and has paid $55,000 to settle a violation of the HIPAA Privacy Rule’s right of access standard.
  • MelroseWakefield Healthcare (MWH), a provider in Massachusetts, did not provide a personal representative with timely access to medical records on the mistaken basis that the durable power of attorney in this instance did not allow for the provision of such medical records.  MWH has agreed to take corrective actions and has paid $55,000 to settle a violation of the HIPAA Privacy Rule’s right of access standard.
  • Memorial Hermann Health System, a not-for-profit health system in Southeast Texas, consisting of 17 hospitals, including Memorial Hermann Katy Hospital, failed to respond timely to a complainant’s access request.  Memorial Hermann has agreed to corrective actions and has paid $240,000 to settle a potential violation of the HIPAA Privacy Rule's right of access standard.
  • Southwest Surgical Associates (SWSA) is a group practice with nine locations in the Greater Houston, TX area, failed to provide an individual timely access to their health information.  SWSA has agreed to corrective actions and has paid $65,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard.”

July 2022 serves as potentially the most emphatic reminder that the OCR is continuing their committment to protecting all individual’s right to have access to their own protected health information. 

If you are an individual, remember the rights that are afforded to you by HIPAA and that you are able to submit complaints if these rights are not upheld. And if you are an organization that has to comply with HIPAA, today is the day to double check your systems and guarantee that you have the automations and trainings in place that will quickly and efficiently provide access to individuals that request it. 

If you are just starting to figure out your HIPAA compliance for the first time, let us help you through the process and reach compliance as quickly and simply as possible. Read through our compliance gameplan here and schedule a call with us when you’re ready to get started!

More from the Blog

GenixTec has achieved HIPAA Compliance with Accountable
Compliant Tools

GenixTec has achieved HIPAA Compliance with Accountable

HIPAA and Workforce Training
HIPAA

HIPAA and Workforce Training

Understanding HIPAA Certification
HIPAA

Understanding HIPAA Certification

Is Google Docs HIPAA Compliant?
Compliant Tools

Is Google Docs HIPAA Compliant?

Is Calendly HIPAA Compliant?
Compliant Tools

Is Calendly HIPAA Compliant?

Is Google Sheets HIPAA Compliant?

Is Google Sheets HIPAA Compliant?

Is iCloud HIPAA Compliant?
Compliant Tools

Is iCloud HIPAA Compliant?

President Biden Looks to Boost Cybersecurity at U.S. Ports
Data Security

President Biden Looks to Boost Cybersecurity at U.S. Ports

Get Started
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Ready to chat?

See how some of the fastest growing companies use Accountable to build trust through privacy and compliance.
Trusted by
Accountable Compliance Management Logo

We make it easy to get your own HIPAA Certification and build trust with your customers and patients.

Product
PlaybooksHow it worksProductPricingWatch DemoSeal of ComplianceGet Support
Solutions
HIPAAGDPR
Resources
BlogHIPAA TrainingHIPAA Risk AnalysisGDPR Risk Analysis
Company
AboutCareersSupportContact UsPrivacy CenterProduct Updates
Account
Sign InForgot Password

"Accountable allowed us to quickly establish Core Compliance with HIPAA as well as a firm foundation for our Security Program." - Michael H.

© 2024 Accountable HQ, Inc.
SitemapTerms of ServicePrivacy Policy