On Monday, the Office for Civil Rights (“OCR”) at the U.S. Department of Health & Human Services (“HHS”) announced an enforcement action against Bayfront Health St. Petersburg (“Bayfront”) for allegedly failing to provide a mother timely access to her unborn child’s prenatal medical records. The enforcement action is noteworthy in that it marks OCR’s first enforcement action under its Right of Access Initiative, announced earlier this year to focus more on enforcing patients’ rights to access their medical records without being overcharged.

After receiving a complaint in August 2018, OCR conducted an investigation indicating that Bayfront, a trauma and tertiary care center based in St. Petersburg, Florida, failed to provide the mother timely access to her unborn child’s fetal heart monitor records in accordance with the Health Insurance Portability and Accountability Act (“HIPAA”). HIPAA generally requires health care providers such as Bayfront to provide patients with access to their medical records, as well as those of their minor children, within 30 days of a request. HIPAA also prohibits charging more than a reasonable cost-based fee for such access.

Bayfront agreed to pay $85,000 to OCR to settle the potential HIPAA violation while not admitting to any wrongdoing. Bayfront also agreed to a corrective action plan including training, updating policies and procedures, and OCR monitoring.

This enforcement action signals a continued push from HHS to hold the health care industry accountable for giving individuals access to their health information. Earlier this year, the Office of the National Coordinator for Health Information Technology released proposed regulations on interoperability and information blocking, and CMS released proposed regulations on interoperability, also aimed at promoting patient access to their health information. In light of this enforcement action and regulatory activity, we recommend that covered entities carefully review their policies and procedures regarding individuals’ access to health information.

Brandon C. Ge

Brandon C. Ge is a counsel in Crowell & Moring’s Washington, D.C. office, where he is a member of the firm’s Privacy and Cybersecurity and Health Care groups.

Brandon advises clients on a wide range of privacy and cybersecurity laws, regulations, and standards. His practice has a particular focus on advising clients – from start-up digital health companies to large health plans – on all aspects of compliance with the Health Insurance Portability and Accountability Act (HIPAA). Brandon regularly assists clients with responding to security incidents and has successfully represented clients in Office for Civil Rights investigations.

Jodi G. Daniel

Jodi Daniel is a partner in Crowell & Moring’s Health Care Group and a member of the group’s Steering Committee. She is also a director at C&M International (CMI), an international policy and regulatory affairs consulting firm affiliated with Crowell & Moring. She leads the firm’s Digital Health Practice and provides strategic, legal, and policy advice to all types of health care and technology clients navigating the dynamic regulatory environment related to technology in the health care sector to help them achieve their business goals. Jodi is a contributor to the Uniform Law Commission Telehealth Committee, which drafts and proposes uniform state laws related to telehealth services, including the definition of telehealth, formation of the doctor-patient relationship via telehealth, creation of a registry for out-of-state physicians, insurance coverage and payment parity, and administrative barriers to entity formation.