A recent $100,000 fine imposed on Rio Hondo Community Mental Health Center highlights the critical importance of complying with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Right of Access provisions. This enforcement action by the Office for Civil Rights (OCR) serves as a reminder that healthcare providers must prioritize timely access to patient medical records.
What You Need to Know:
- HIPAA Privacy Rule Requirement: Patients must have access to their mental health records within 30 days, with one potential 30-day extension if necessary.
- Reasonable, Cost-Based Fee: Ensure fees for copies are compliant and reasonable.
- Enforcement Priority: OCR continues to focus on ensuring patient rights, including imposing civil penalties for non-compliance.
What Happened:
Rio Hondo failed to provide mental health records for nearly seven months, despite repeated patient requests. OCR's investigation resulted in:
- A $100,000 penalty for non-compliance.
- Legal action to enforce patient rights.
Actions You Can Take to Avoid Fines:
- Review Policies: Ensure your organization complies with HIPAA's Right of Access provisions.
- Confirm Valid Release or Subpoena: Contact an attorney to ensure any request you receive is compliant with both HIPAA and the Illinois Mental Health and Developmental Disabilities Confidentiality Act (IMHDDCA).
- Respond Promptly: Provide requested records within 30 days to avoid violations.
- Train Staff: Educate your team on HIPAA and IMHDDCA compliance and the importance of timely record access.
- Audit Processes: Regularly review procedures to identify and address any delays in record provision.
Additional Resources:
Protect your organization and uphold patient rights. If you suspect a violation of health information privacy, you can file a complaint with OCR here
