• Magazine
    • Past Issues
    • Subscribe
    • Change Mailing Address
    • Surveys
    • Guidelines for Authors
    • Editorial Calendar
    • Editorial Deadlines
  • Practice
    • Business Tips
    • Chiropractic Schools
    • Clinical & Technique
    • eBooks
    • eCourses
    • Infographics
    • Quizzes
    • Wellness & Nutrition
    • Personal Growth
    • Podcast
  • Resource Centers
  • Products & Services
    • Buyer’s Guide
    • Products Directory
    • Submit a Product
    • Vendor Login
  • Datebook
    • Become an Events Poster
    • Post an Event
    • View Events
  • Jobs
    • Jobs
    • Post a Job
  • Advertise
    • Advertising Information
    • Media Kit
    • Contact Us
    • Upload Advertising

Your Online Chiropractic Community

Chiropractic Economics Your Online Chiropractic Community
Subscribe
  • Home
  • Current Issue
  • News
  • Webinars
  • Chiropractic Research
  • Students
  • Coronavirus (COVID-19)

Horror stories and compliance signs that your practice may be in trouble

Maggie Hales March 16, 2020

A simple rule for avoiding expensive Patient Right of Access fines, and taking notice of compliance signs that trouble may be ahead...

A simple rule for avoiding expensive Patient Right of Access fines, and taking notice of compliance signs that trouble may be ahead

Maintaining a profitable medical practice in today’s economy is a challenge. One costly mistake can be avoided if you know the rules.

The “patient right of access” is a rule you should learn if you’re not familiar with it, and follow to avoid big fines. It’s a top priority for the Office for Civil Rights (OCR), the agency that enforces HIPAA. OCR has a new “Right of Access Initiative” and has settled two big cases recently.

Bayfront Medical, a Florida hospital, became the first to get hit by the federal government’s push to improve patient access to records. They paid an $85,000 settlement and agreed to a corrective action plan because they ignored this HIPAA rule and compliance signs. Then in December, OCR announced its second case, another $85,000 settlement and corrective action plan, with Korunda Medical, a Florida company providing primary care and pain management.

Records access rules

When patients ask for information about their own medical treatment, they should receive it promptly, easily and at minimal to no cost.

At Bayfront Medical a pregnant mother wanted information about her unborn child’s heart rate, so she asked, and asked, and asked again. Bayfront Health St. Petersburg was slow, didn’t reply, and didn’t prioritize her request. Nine months later federal regulators started to investigate, and she finally got her answer, although HIPAA requires that records be provided within 30 days. 

This right to patient records extends to parents who wish to obtain medical information about their minor children, and in this case, a mother who sought prenatal health records. In addition to the $85,000 settlement, Bayfront agreed to a corrective action plan, requiring OCR oversight for three years to make sure they follow HIPAA.

At Korunda Medical it was a simple ask: “Please email my medical records to my new physician.” But Korunda Medical didn’t take its patient request seriously or heed the compliance signs.

The resulting OCR investigation cost Korunda, a health care provider serving more than 2,000 patients, $85,000 and a lot of bureaucratic headaches in the form of a lengthy corrective action plan.

Instead of simply sending a secure digital version of its patient’s records as required by HIPAA, Korunda stalled, overcharged for the records, and ultimately sent the document in the wrong format. Bayfront and Korunda could have avoided this liability had they known the rules — step-by-step rules which are easy to follow.

Compliance signs: what does ‘Right of Access’ look like?

It should be fast, easy and convenient.

Individuals should be able to view or obtain a copy of their medical information contained in a “designated record set.” That means a broad range of information used to make decisions, including medical, billing and payment records; insurance information; clinical laboratory test results; medical images, such as X-rays; wellness and disease management program files; and clinical case notes.

There are a few limited exceptions to the right of access. Examples include:

  • Psychotherapy notes;
  • Records that are part of a research study still in progress;
  • Information compiled for a legal proceeding.

Patients are entitled to their records no matter where they’re located. If the records are held by a business associate (like a billing vendor or practice manager), the business associate agreement usually says whether the business associate may give them directly to the patient, or should give them to the covered entity to send to the patient.

Patients may request the information from their health care provider or health plan, who must provide it in the format requested — paper or electronic, and delivered by mail or email. They may direct that the information be delivered to a designated third party — a family member, a personal health record service or mobile health application.

The provider should deliver promptly, but in no more than 30 days. When longer time is needed, they should inform the individual of the reason, but take no longer than an additional 30 days. Any fee for providing records should be reasonable and cost-based, e.g., minimal.

Three common problems are providers failing to send records via email when requested, taking more than 30 days, and charging too much.

Another issue plagues health care providers — they often confuse HIPAA right of access with authorization. No patient authorization or form is needed.

HIPAA Right of Access is an OCR priority

OCR Director Roger Severino warned in December of last year that the Bayfront and Korunda cases are the first examples, and OCR will continue to investigate similar claims.

“For too long, health care providers have slow-walked their duty to provide patients their medical records out of a sleepy bureaucratic inertia,” Severino said. “We hope our shift to the imposition of corrective actions and settlements under our Right of Access Initiative will finally wake up health care providers to their obligations under the law.”

Check your state rules

HIPAA preempts state law except when state law is more stringent, so always look to your state law also when it comes to medical records, access and privacy.

In California, for instance, records must be produced within 15 days of the request. How fast is your business heeding the compliance signs with records requests? Do you have a plan?

If the answer to any of these questions makes you nervous, think about getting help to get your HIPAA house in order and keep up with the latest hot-button HIPAA topics. Learn the basics to avoid big fines.

MAGGIE HALES, JD, is a lawyer specializing in health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up-to-date policies, forms and training on everything related to HIPAA compliance. Learn more about easy steps to compliance at thehipaaetool.com.

Related Posts

  • New EHR implementations and functionality: how does your software rate?New EHR implementations and functionality: how does your software rate?
  • Diversification marketing and base hits over home runsDiversification marketing and base hits over home runs
  • Chiropractic discount plan: know the rules or elseChiropractic discount plan: know the rules or else
  • Compliance horror stories and staying ahead of riskCompliance horror stories and staying ahead of risk
  • Horror stories from million-dollar non-compliance security mistakesHorror stories from million-dollar non-compliance security mistakes
  • Develop confidence with cash and foot orthoticsDevelop confidence with cash and foot orthotics

Filed Under: Chiropractic EHR, issue-04-2020, Resource Center

Current Issue

Follow Us

  • Facebook
  • Twitter
  • Instagram
  • LinkedIn
  • YouTube logoYouTube logoYouTube

820 A1A N Highway W18,

Ponte Vedra Beach, FL 32082

Phone 904.285.6020

Fax 904.395.9118

CONTACT US »

Privacy Policy & Terms of Service

Copyright © 2021, All Rights Reserved

SUBSCRIBE TO THE MAGAZINE

Get Chiropractic Economics magazine
delivered to your home or office. Just
fill out our form to request your FREE
subscription for 20 issues a year,
including two annual Buyers Guides.

SUBSCRIBE NOW »

Latest Chiropractic News

  • Sherman College named school of national service by AmeriCorps
    Sherman College logo
  • New Mentor Program for Black Hemp Farmers Announced by CBD Leader Charlotte’s Web
  • Foot Levelers announces new orthotic training sessions, speakers