The $80,000 patient complaint

 

OCR issued an announcement last week marking their 20th assessed fine to a Covered Entity for a Right of Access failure. If you haven’t gotten the message yet, now may be the time to tune in. The Office for Civil Rights continues to aggressively pursue Right of Access violations, and if you don’t have your process working flawlessly, you may find yourself on this growing list. Here’s the story of how one patient cost one such CE an $80,000 fine and the pleasure of enduring an OCR audit.

A parent requested her child’s records from Children’s Hospital & Medical Center in Omaha Nebraska. The request was detailed and required CHMC to pull records from multiple departments. While some of the records were provided, the CE failed to meet the full list of requested records, and the patient complained to OCR. After a review and audit, CHMC has assessed an $80,000 penalty. The breakdown within CHMC appeared to be a failure to communicate across departments. 

Let’s face it, this can easily happen, even with the best processes. So while we can hammer the point that you must make your patient records request process bulletproof, there’s another takeaway you need to consider. Namely, this patient became so upset with this organization that she filed a complaint with OCR. While mistakes may happen, that’s where the preventable breakdown occurred. It’s important to note this parent made several requests before resorting to filing a complaint. 

The most important message for you to take away from this Reminder is that ONE SINGLE PATIENT can cause significant damage to your organization. While streamlining your document management and records requests processes is essential, so too is your patient management. 

Don’t let preventable problems like this ruin your day. 

On another note, APPLE issued a critical security update this week. Be sure to update your IOS devices. 

Thank you for reading and staying cyber alert.

If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.


For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.

The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for a weekly HIPAA Security Reminder to help stay compliant.