Log in

Home 5 Articles 5 Massachusetts Mental Health Hospital Fined $65,000 for HIPAA Right of Access Violation

Massachusetts Mental Health Hospital Fined $65,000 for HIPAA Right of Access Violation

by | May 6, 2021 | Articles, Compliance-lca, Essential, Lab Compliance Advisor

Case: The HIPAA Privacy Rule gives providers 30 days and, in some instances, 60 days to respond to patients’ requests of access to their medical records. But it took Massachusetts behavioral health services provider Arbour Hospital five months and one Office for Civil Rights (OCR) intervention to finally provide the records one of its patients had requested. In addition to a $65,000 fine, Arbour had to agree to implement corrective actions under OCR’s supervision. Significance: The OCR has now handed out 18 fines under its HIPAA Right of Access Initiative since launching it in April 2019 to enforce rules requiring providers to grant individuals’ access to their own protected health information. So far, the highest of these fines is $200,000. Here’s a Scorecard of all announced settlements to date.   OCR Right of Access Initiative Settlements Scorecard (as of April 28, 2021) Provider Settlement Amount* Allegations Banner Health ACE $200,000 OCR cites two occasions in which Phoenix-based not-for-profit health system took about 6 months to provide patients their requested PHI St. Joseph’s Hospital and Medical Center $160,000 Phoenix hospital refused to provide PHI to patient’s mother even though she was his legal representative NY Spine Medicine $100,000 Neurology practice refuses […]

Case: The HIPAA Privacy Rule gives providers 30 days and, in some instances, 60 days to respond to patients’ requests of access to their medical records. But it took Massachusetts behavioral health services provider Arbour Hospital five months and one Office for Civil Rights (OCR) intervention to finally provide the records one of its patients had requested. In addition to a $65,000 fine, Arbour had to agree to implement corrective actions under OCR’s supervision. Significance: The OCR has now handed out 18 fines under its HIPAA Right of Access Initiative since launching it in April 2019 to enforce rules requiring providers to grant individuals’ access to their own protected health information. So far, the highest of these fines is $200,000. Here’s a Scorecard of all announced settlements to date.   OCR Right of Access Initiative Settlements Scorecard (as of April 28, 2021)
Provider Settlement Amount* Allegations
Banner Health ACE $200,000 OCR cites two occasions in which Phoenix-based not-for-profit health system took about 6 months to provide patients their requested PHI
St. Joseph’s Hospital and Medical Center $160,000 Phoenix hospital refused to provide PHI to patient’s mother even though she was his legal representative
NY Spine Medicine $100,000 Neurology practice refuses patient’s multiple requests for copies of specific diagnostic films
Bayfront Hospital $85,000 Florida hospital didn’t provide expectant mother timely access to the PHI of her unborn child
Korunda Medical $85,000 After first refusing to provide it at all, Florida primary care and interventional pain management services provider sent patient’s PHI to third party in the wrong format and charged him excessive fees
Renown Health, P.C. $75,000 Nevada private, not-for-profit health system didn’t timely honor patient’s request to transfer her EHR and billing records to a third party
Sharp Rees-Stealy Medical Centers $70,000 California hospital and healthcare network didn’t timely honor request to transfer patient’s EHR to a third party
Beth Israel Lahey Health Behavioral Services $70,000 Massachusetts provider ignored request of personal representative seeking access to her father’s PHI
Arbour Hospital $65,000 Massachusetts mental health services provider kept patient waiting 5 months before granting access to his PHI
University of Cincinnati Medical Center, LLC $65,000 Ohio academic medical center failed to respond to patient’s request to send an electronic copy of her medical records maintained in its electronic health record EHR to her lawyers
Housing Works Inc. $38,000 New York City non-profit services provider refused patient’s request for a copy of his medical records
Peter Wrobel, M.D., P.C., dba Elite Primary Care $36,000 Georgia primary care practice failed to provide patient access to his medical records
Village Plastic Surgery $30,000 New Jersey practice failed to provide patient timely access to his medical records
Riverside Psychiatric Medical Group $25,000 California medical group didn’t provide patient copy of her medical records despite repeated requests and OCR intervention
Dr. Rajendra Bhayani $15,000 NY physician didn’t provide patient her medical records even after OCR intervened and closed the complaint
All Inclusive Medical Services, Inc. $15,000 California multi-specialty family medicine clinic refused patient’s requests to inspect and receive a copy of her records
Wise Psychiatry, PC $10,000 Colorado psychiatric firm refused to provide personal representative access to his minor son’s medical record
King MD $3,500 Virginia psychiatric practice didn’t provide patient access to her medical records even after OCR intervened, provided technical assistance and closed the complaint
*In addition to the monetary settlement, each accused provider had to agree to implement a corrective action plan and allow the OCR to conduct close monitoring for one to two years  

Subscribe to view Essential

Start a Free Trial for immediate access to this article

TRY FOR FREE