HIPAA Fine Violation Spotlight

HIPAA Fines Charged For Security and Privacy Rule Violation

The Office for Civil Rights (OCR) has been following its HIPAA Right of Access Initiative all year. The initiative was intended to support individuals’ rights to timely access to their health records, at reasonable cost, under the HIPAA Privacy Rule.

So far, many examples have arisen of health institutions simply not providing health records for years on end, usually only providing them once the OCR has begun an investigation. While the definition of “timely” may be flexible, when individuals are making decisions about health care, they need access to all the relevant information. In this country, health care can factor into decisions about what job to take, where to move your family, or what school your child can safely attend. Life-changing decisions like these cannot wait years.

The most recent example comes from the Diabetes, Endocrinology & Lipidology Center, Inc. (DELC). A complaint was filed in early August of 2019 when DELC failed to deliver the medical records of a minor to their parents in a timely fashion. Although the law requires DELC to provide the records, it did not fulfill the request until May of 2021, as a result of the OCR’s investigation.

“It should not take a federal investigation before a HIPAA covered entity provides a parent with access to their child’s medical records,” said Acting OCR Director Robinsue Frohboese. “Covered entities owe it to their patients to provide timely access to medical records.”

DELC has agreed to take corrective action and pay a $5,000 fine to settle their potential violation.