OCR levies another access penalty
Last year the Office for Civil Rights announced they would be particularly enforcing HIPAA right to access provisions against providers. Twelve violations later, they continue to make their point – if your patient requests their records, you better respond promptly. OCR is serious about enforcing patient rights.
Another provision is how much time you have to respond. The federal law allows a provider 30 days to respond to the patient’s request. However, many states have shorter timeframes. In California, for example, the required response time is 5 days. Note that this is not how much time you have to provide the records, but rather to respond to the request. Keep in mind, if you don’t provide the records within that window, you could be held accountable for a timeliness violation and find yourself in the headlines.
This recent penalty is a reminder that despite the chaos and uncertainty we are all experiencing, there are still laws we need to abide by, or our situation could be made worse.
Finally, be on the lookout for Black Friday and other holiday-related phishing email attempts. Emails that look like they came from a retailer where the sender name has been spoofed, for example, are common right now.
Happy Thanksgiving to everyone. I hope you’re all able to enjoy time with loved ones over the next few days.
If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.
For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.
The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for weekly HIPAA Security Reminder to help stay compliant.