Know The Rules

OCR announces 11 more HIPAA ROA violations

Eleven more fines, are you next?

OCR recently announced that 11 more entities were fined for failing to provide timely access to patient records following a patient complaint. This list included mental health practitioners, dentists, and more. This announcement proves 3 things - organizations aren't getting the message, patients are aware of the requirement, and no medical practitioner is safe.

We've said this before and we'll repeat it - it's essential you have a multi-tiered process in place for handling patient records requests. If all emails go to a particular staff member, and they go on vacation, you better have those emails getting covered by another team member. You simply cannot afford to ignore or mishandle a records request from a patient. If you need guidance on setting up an effective procedure for your office, give us a call.

The second point to be aware of is patients are onto this requirement - and they're either genuinely or maliciously holding your feet to the fire. Your procedure has to account for the occasional patient who may have bad intentions in their interactions with your staff. This trend will continue - patients are demanding to take more control of their health information, so having a bullet-proof process in place is essential.

The rules are straightforward - you need to be able to provide your patients with copies of their medical records in the format they request them in and in a timely manner - HIPAA gives you 30 days, but the exact time varies by state.

Call us to ensure your RIsk Assessment is completed before the end of the year. Stay compliant, stay safe.

HIPAA Security Reminders


HIPAA Security Suite has developed a weekly HIPAA Security Reminder series that’s FREE for all of us who are responsible for, or engaged in, the use and protection of PHI.

Pursuant to Section 164.308(a)(5) of the HIPAA Security Rule, the Standard states: Implement a security awareness and training program for all members of its workforce (including management).

This standard is part of our Best Practices Recommendations for HIPAA Security Suite users, but it’s available for FREE to anyone who wants to comply with HIPAA using the easiest, best tools available.

Sign Up

Scroll to Top