February 12, 2021
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces its sixteenth settlement of an enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative to support individuals’ right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule.
Sharp HealthCare, doing business as Sharp Rees-Stealy Medical Centers (“SRMC”), has agreed to take corrective actions and pay $70,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard. SRMC is located in California and provides health care through four acute-care hospitals, three specialty hospitals, three affiliated medical groups, and a health plan.
In June 2019, a complaint was filed with OCR alleging that SRMC failed to take timely action in response to a patient’s records access request directing that an electronic copy of protected health information in an electronic health record be sent to a third party. OCR provided SRMC with technical assistance on the HIPAA Right of Access requirements. In August 2019, OCR received a second complaint alleging that SRMC still had not responded to the patient’s records access request. OCR initiated an investigation and determined that SRMC’s failure to provide timely access to the requested medical records was a potential violation of the HIPAA right of access standard. As a result of OCR’s investigation, SRMC provided access to the requested records.
“Patients are entitled to timely access to their medical records. OCR created the Right of Access Initiative to enforce and support this critical right,” said Acting OCR Director Robinsue Frohboese.
In addition to the monetary settlement, SRMC will undertake a corrective action plan that includes two years of monitoring. A copy of the resolution agreement and corrective action plan may be found at: https://www.hhs.gov/sites/default/files/sharp-racap.pdf.
