Riverside (Calif.) Psychiatric Medical Group has agreed to pay $25,000 for violating HIPAA’s right of access standard requiring hospitals to give patients copies of their health records promptly and without being overcharged.
The Nov. 6 settlement is the 10th coming out of the HHS Office of Civil Rights under an initiative to enforce the standard.
The civil rights office received a complaint in March 2019 from a patient claiming that the medical group did not provide her a copy of her medical records despite several requests beginning in February 2019. The office gave the medical group technical assistance on how to comply with the right of access requirements and closed the case. But in April 2019, the office received a second complaint that the medical group still had not provided the patient with access to her records.
The civil rights office opened an investigation of the medical group’s claim that because the requested records included psychotherapy notes, it did not have to comply with the access request.
The office found that while HIPAA doesn’t require production of psychotherapy notes, it does require that people requesting their records be given an explanation of why their request is denied. The medical group should also have given the woman requesting her records everything but the psychotherapy notes, the civil rights office determined.
As a result of the investigation, the medical group sent the woman all requested medical records, excluding psychotherapy notes, in October. In addition to the financial settlement, the medical group will undergo a two-year corrective action plan and monitoring by the civil rights office.
More articles on cybersecurity:
National Guard cybersecurity team deployed to UVM Health: 4 details
Hospitals tighten email security, restrict external messages to prevent ransomware
Cone Health unable to recover patient data lost in ransomware attack
© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.