OCR is Serious About Patients’ Rights to Access Records, Announcing Enforcement Actions Against 5 Providers
When providers, health plans, business associates, and even patients and plan participants think of the HIPAA privacy and security rules (‘HIPAA Rules”), they seem to be more focused on the privacy and security aspects of the HIPAA Rules. That is, for example, safeguarding an individual’s protected health information (PHI) to avoid data breaches or avoiding improper disclosures to persons without authority for receiving same. An equally important aspect of the HIPAA Rules, however, is ensuring patient access to health records, as shown by recent enforcement activity announced yesterday by the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS).
Last year, OCR commenced its Right of Access Initiative, an enforcement priority in 2019 to support individuals’ right to timely access to their health records at a reasonable cost. At least one study found providers are struggling to fully comply with the right to access requirement under HIPAA, rights which also exist under state law. A study by medRxiv reported in HIPAAJournal highlights this issue. During the study,...