HIPAA Violations Tiers

HIPAA Violations – Twenty-Five Fines and Counting

Since 2019, the Office for Civil Rights (OCR), the HIPAA enforcement arm of the Department of Health and Human Services, has been enforcing violations of the rights of patients to have timely access to their medical records. Most recently they levied five fines against various organizations for violations of patients' rights. These fines included a $100,000 fine against a solo practitioner. As we have stated before, right of access violations are no joke - and they can occur very easily.

The most important thing to know is that providers have a deadline by which to respond to a patient's request for records. It gets more complicated when you factor in that states often have shorter deadlines. Also, it's not enough just to comply; you also have to be able to provide the information in the format requested.

By now, most healthcare organizations are prepared for this. However, the fines occur when in-place processes fail, and sadly, they fail often.

We encourage you to review your records request process and shore up any weak links. We recommend having redundancy in the process to eliminate a single point of failure. If one employee is absent, those requests need to be visible and actionable for others.

We haven't heard a lot from OCR regarding HIPAA enforcement since the start of COVID, but these fines are a reminder that the wheels are still turning and you can't allow yourself to slack on the rules.

On that same note, if you haven't completed a security risk assessment this year, it's not too late. Maintain your compliance while you still can by giving us a call.

Have a successful week.

HIPAA Security Reminders


HIPAA Security Suite has developed a weekly HIPAA Security Reminder series that’s FREE for all of us who are responsible for, or engaged in, the use and protection of PHI.

Pursuant to Section 164.308(a)(5) of the HIPAA Security Rule, the Standard states: Implement a security awareness and training program for all members of its workforce (including management).

This standard is part of our Best Practices Recommendations for HIPAA Security Suite users, but it’s available for FREE to anyone who wants to comply with HIPAA using the easiest, best tools available.
