Entity Rescinds Improper Charges for Medical Record Copies to Reflect Reasonable, Cost-Based Fees
Entity Rescinds Improper Charges for Medical Record Copies to Reflect Reasonable, Cost-Based Fees
Covered Entity: Private Practice
Issue: Access
A patient alleged that a covered entity failed to provide him access
to his medical records. After OCR notified the entity of the
allegation, the entity released the complainant’s medical records but
also billed him $100.00 for a “records review fee” as well as an
administrative fee. The Privacy Rule permits the imposition of a
reasonable cost-based fee that includes only the cost of copying and
postage and preparing an explanation or summary if agreed to by the
individual. To resolve this matter, the covered entity refunded the
$100.00 “records review fee.”
| Hospital Issues Guidelines Regarding Disclosures to Avert Threats to Health or Safety Covered Entity: General Hospital Issue: Safeguards; Impermissible Uses and Disclosures; Disclosures to Avert a Serious Threat to Health or Safety After treating a patient injured in a rather unusual sporting accident, the hospital released to the local media, without the patient’s authorization, copies of the patient’s skull x-ray as well as a description of the complainant’s medical condition. The local newspaper then featured on its front page the individual’s x-ray and an article that included the date of the accident, the location of the accident, the patient’s ...read more |
| Mental Health Center Corrects Process for Providing Notice of Privacy Practices Covered Entity: Outpatient Facility Issue: Notice A mental health center did not provide a notice of privacy practices (notice) to a father or his minor daughter, a patient at the center. In response to OCR’s investigation, the mental health center acknowledged that it had not provided the complainant and his daughter with a notice prior to her mental health evaluation. To resolve this matter, the mental health center revised its intake assessment policy and procedures to specify that the notice will be provided and the clinician will attempt to ...read more |
| Pharmacy Chain Institutes New Safeguards for PHI in Pseudoephedrine Log Books Covered Entity: Pharmacies Issue: Safeguards A grocery store based pharmacy chain maintained pseudoephedrine log books containing protected health information in a manner so that individual protected health information was visible to the public at the pharmacy counter. Initially, the pharmacy chain refused to acknowledge that the log books contained protected health information. OCR issued a written analysis and a demand for compliance. Among other corrective actions to resolve the specific issues in the case, OCR required that the pharmacy chain implement national policies and procedures to safeguard the ...read more |
| Private Practice Revises Process to Provide Access to Records Covered Entity: Private Practices Issue: Access A private practice failed to honor an individual's request for a complete copy of her minor son's medical record. OCR's investigation determined that the private practice had relied on state regulations that permit a covered entity to provide a summary of the record. OCR provided technical assistance to the covered entity, explaining that the Privacy Rule permits a covered entity to provide a summary of patient records rather than the full record only if the requesting individual agrees in advance to such a summary ...read more |
|
June 2026
| Su | Mo | Tu | We | Th | Fr | Sa |
| 1 | 2 | 3 | 4 | 5 | 6 |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 |
|
Blog Home
Newest Blog Entries
1/21/25 Understanding Business Associate Agreements
11/12/22 Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims
11/12/22 Indian National Charged in $8 Million COVID-19 Relief Fraud Scheme
11/12/22 Former Hospital Employee Pleads Guilty To Criminal HIPPA Charges
11/12/22 Covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6
11/12/22 The Delaware Division of Developmental Disabilities Services Data Breach
11/12/22 OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA
11/12/22 HHS Issues Guidance on HIPAA and Audio-Only Telehealth
11/12/22 Five Former Methodist Hospital Employees Charged with HIPAA Violations
11/12/22 May a covered entity use or disclose protected health information for litigation?
11/12/22 When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials?
Blog Archives
November 2022 (54)
January 2025 (1)
Blog Labels
PPP Fraud (1)
Data Breach (1)
HIPAA Enforcement (3)
ePHI (2)
EHR Fraud (1)
BAA (4)
HIPAA (2)
Covered Entity (40)
Telehealth (1)
|
