Electronic Healthcare Records , Governance & Risk Management , HIPAA/HITECH

HHS OCR Issues 15th Records Access Settlement

Will Enforcement of This HIPAA Provision Be a Priority in Biden Administration?
HHS OCR Issues 15th Records Access Settlement
Renown Health in Nevada has agreed to pay $75,000 to federal regulators to settle a patient "right of access" dispute.

Despite a change in administrations, federal regulators appear to be continuing to focus on the importance of providing patients with timely access to their health records.

The Department of Health and Human Services has issued its 15th HIPAA settlement involving a healthcare entity's failure to fulfill a patient's request for an electronic copy of medical records.

See Also: OnDemand | Making the Connection Between Cybersecurity and Patient Care

HHS' Office for Civil Rights says its $75,000 settlement with Renown Health also requires the not-for-profit healthcare delivery system in Nevada to implement a corrective action plan.

Case Details

In the resolution agreement, OCR notes that in January 2019, a Renown Health patient submitted a request for an electronic copy of all protected health information in her designated record set, including billing records, to be transmitted to the patient's attorney.

In February 2019, OCR received a complaint from the patient, alleging that Renown Health had failed to promptly respond to the patient’s request.

In fact, Renown Health did not provide access to all the requested documents until Dec. 27, 2019, as a result of the agency's investigation, OCR notes.

“Access to one’s health records is an essential HIPAA right, and healthcare providers have a legal obligation to their patients to provide access to their health information on a timely basis,” acting OCR Director Robinsue Frohboese said in a statement.

'Miscommunication'

In a statement provided to Information Security Media Group, Renown Health says that the incident involved a "miscommunication" in 2018 regarding the release of a patient’s medical and billing records to her attorney.

"Renown makes no admittance of wrongdoing in the actions taken by our health information management [medical records] staff," the statement says.

"Renown is committed to ensuring that patients have access to their protected health information and empowering team members to speak up if there are concerns regarding patient privacy without fear of retaliation and has implemented an awareness, training and education plan for staff."

Corrective Action Plan

Under its resolution agreement with OCR, Renown Health has agreed to take a number of corrective actions, including:

  • Developing, maintaining and/or revising and implementing written access policies and procedures to comply with the HIPAA Privacy Rule, including procedures to ensure comprehensive and timely responses to patients' requests to access PHI;
  • Distributing those policies and procedures to all staff members;
  • Providing training for all staff whose job duties relate to receiving, reviewing, processing or fulfilling requests for access to records.

Top Priority

The case is OCR's first HIPAA enforcement action since the Biden administration began.

The administration has not yet named a new HHS OCR director. Frohboese, the acting director, is a longtime staff member at the agency.

OCR's other settlements in patient right of access disputes under the Trump administration have had financial penalties ranging from $3,500 to $200,000. That largest penalty was in a settlement with Phoenix-based Banner Health after failure to provide timely records access to two individuals.

"All of these cases have been relatively small potatoes, but that’s also why they are important," says privacy attorney Kirk Nahra of the law firm WilmerHale. "They demonstrate the need to comply because the government will pursue in this area."

Some regulatory experts say the agency's recent emphasis on enforcing patients' rights to access medical records will continue under the Biden administration.

"Patient access to their health records as well as opening up avenues for consumers to direct health records to third parties was a major goal of the 21st Century Cures legislation championed by then-Vice President Biden," notes privacy attorney David Holtzman of the consulting firm HITprivacy LLC.

"President Biden’s executive orders for fighting the COVID-19 crisis expressly called on removing roadblocks for data access and sharing for public health and vaccine administration programs."


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.