The Office for Civil Rights (OCR) isn’t offering leniency just because you’re a small business. Action will be taken, despite the impact that a HIPAA fine can have on this sector of healthcare. And as eleven recent investigations prove the point, many of those were small practices. This brings the total to 38 enforcement actions since the HIPAA Right of Access Initiative began.
What Is The Right of Access Initiative?
The Department of Health and Human Services (HHS) states that individuals have a right to access their PHI (protected health information) in a “designated record set”. Once requested by the patient, a covered entity should provide the information to the patient in a timely manner. This is generally within 30 days of the request, although there may be parameters around that which would affect the timeline.
Recent Enforcement Details
The press release of the recent enforcements includes a $5,000 fine for a dental practice and a $20,000 fine for an ENT located in Florida. The entities included in the summary ranged in size. Despite each one receiving a different fine, they all have to make adjustments to their policies and procedures. It can’t be emphasized enough that you should be proactive in your efforts to maintain compliance, rather than reactive. A business can end up paying more if they fail to meet the regulations. They will receive a fine, and will still have to address the gaps in their policies and procedures. OCR Director Lisa J. Pino said, “Health care organizations should take note that there are now 38 enforcement actions in our Right of Access Initiative and understand that OCR is serious about upholding the law and peoples’ fundamental right to timely access to their medical records.”
We know that running a business of any size is a lot of work, and often a team effort. And small businesses can bear more of the burden to get it all done on a shorter budget and usually with less staff.
This article was originally published on HIPAA Secure Now! and is republished here with permission.