Dental Practitioner Fined $30,000 for Noncompliance with the HIPAA Right of Access
OCR investigated Dr. Donald Brockley D.D.M, who is a solo dental practitioner based in Butler, PA, because of a complaint submitted by a patient who did not get a copy of the requested health records in the time frame set by the HIPAA Privacy Rule. OCR confirmed that Dr. Brockley had violated the HIPAA Right of Access but gave the dental practitioner the chance to present written evidence of any mitigating issues in an August 27, 2019, letter. There was no response given.
OCR then informed Dr. Brockley of its intent to issue a $104,000 financial penalty, and Dr. Brockley sought a hearing with an Administrative Law Judge to dispute the financial charges. On October 8, 2021, the parties submitted a joint proposal to stay proceedings for 60 days, where both parties had an agreement and the case was resolved.
Dr. Brockley agreed to settle the case by paying a $30,000 financial penalty and implementing a corrective action plan that involved updating guidelines and procedures to make sure to comply with the HIPAA Right of Access.
California Psychiatric Medical Services Pays $28,000 Financial Penalty to Resolve HIPAA Right of Access Case
OCR investigated Jacob & Associates, a provider of psychiatric medical services in California, because of a complaint filed by a patient who stated that Jacob & Associates failed to provide a copy of the medical records, which was requested on July 1, 2018. The complainant stated that since 2013 such a request was made every July 1, but the requested records were never provided.
After filing the complaint with OCR, the patient sent again the record request. A complete copy of the requested health records was provided on May 16, 2019 via electronic mail. Nevertheless, before the patient received those records, she needed to go to the practice to fill out a record access form personally. She was additionally asked to pay $25 for the requested copy of records, and at first only received a partial, one-page copy and needed to send another request to get her complete records.
OCR confirmed that Jacob & Associates committed a violation of the HIPAA Right of Access by not delivering prompt access to the patient’s health records, had billed the patient an unfair non-cost-based price, and didn’t have guidelines and procedures regarding the right of patients to obtain their protected health information (PHI).
In the course of the investigation, OCR additionally confirmed that Jacob & Associates had no assigned HIPAA Privacy Officer and lacked the required content for its notice of privacy practices. The case was resolved after Jacob & Associates paid $28,000 and agreed to implement a corrective action plan to deal with all issues of non-compliance.