Children’s Hospital & Medical Center in Omaha, Nebraska, has agreed to pay $80,000 to settle a potential violation of the Health Insurance Portability and Accountability Act’s Privacy Rule, according to a news release from the Office for Civil Rights at the U.S. Department of Health and Human Services.
In May 2020, a parent filed a complaint with the office alleging that the center, which provides pediatric health care services, had failed to provide her with timely access to her daughter’s medical records.
The center provided some records but did not provide all of them despite the parent’s multiple requests, the complaint alleged.
The Office for Civil Rights investigated and found that the center’s failure to provide timely access was a potential violation of the HIPAA right of access standard, which requires a covered entity to act on a request within 30 days of receipt, or within 60 days if an extension is applicable.
The Office for Civil Rights said it is the resolution of its 20th investigation in its HIPAA Right of Access Initiative. The office created this initiative to support individuals’ right to timely access of their health records at a reasonable cost under the HIPAA Privacy Rule.
“Generally, HIPAA requires covered entities to give parents timely access to their minor children’s medical records, when the parent is the child’s personal representative,” said Robinsue Frohboese, J.D., Ph.D., acting Office for Civil Rights director, in the news release. “[The] Right of Access Initiative supports patients’ and personal representatives’ fundamental right to their health information and underscores the importance of all covered entities’ compliance with this essential right.”
In addition to the financial settlement, the center will undertake a corrective action plan that includes one year of monitoring, according to the resolution agreement and corrective action plan.
For additional information on the office’s privacy and security rules, visit the office’s website.
This post, Children’s hospital agrees to pay $80,000 to resolve potential violation of HIPAA standard, was first shared on the American Dental Association (ADA) website on September 21, 2021.