Mental Health Center Provides Access after Denial

Mental Health Center Provides Access after Denial
Covered Entity: Mental Health Center
Issue: Access, Authorization

The complainant alleged that a mental health center (the "Center") improperly provided her records to her auto insurance company and refused to provide her with a copy of her medical records.  The Center provided OCR with a valid authorization, signed by the complainant, permitting the release of information to the auto insurance company.  OCR also determined that the Center denied the complainant's request for access because her therapists believed providing the records to her would likely cause her substantial harm. The Center did not, however, provide the complainant with the opportunity to have the denial reviewed, as required by the Privacy Rule.  Among other corrective action taken to resolve this issue, the Center provided the complainant with a copy of her records.



Entity Rescinds Improper Charges for Medical Record Copies to Reflect Reasonable, Cost-Based Fees Covered Entity: Private Practice Issue: Access A patient alleged that a covered entity failed to provide him access to his medical records.  After OCR notified the entity of the allegation, the entity released the complainant’s medical records but also billed him $100.00 for a “records review fee” as well as an administrative fee.  The Privacy Rule permits the imposition of a reasonable cost-based fee that includes only the cost of copying and postage and preparing an explanation or summary if agreed to by the individual.  To ...read more



Enforcement Results as of September 30, 2022 Since the compliance date of the Privacy Rule in April 2003, OCR has received over 309,475 HIPAA complaints and has initiated over 1,053 compliance reviews.  We have resolved ninety-seven percent of these cases (300,427). OCR has investigated and resolved over 29,779 cases by requiring changes in privacy practices and corrective actions by, or providing technical assistance to, HIPAA covered entities and their business associates.  Corrective actions obtained by OCR from these entities have resulted in change that is systemic and that affects all the individuals they serve.  OCR has successfully enforced the ...read more



Wednesday, November 9, 2022 A federal grand jury in Newark, New Jersey, returned an indictment today charging an Indian national for fraudulently obtaining millions of dollars in Paycheck Protection Program (PPP) loans guaranteed by the Small Business Administration (SBA) under the Coronavirus Aid, Relief, and Economic Security (CARES) Act. According to court documents, Abhishek Krishnan, 40, previously resided in Wake County, North Carolina, before returning to his home country of India. After returning to India, Krishnan allegedly submitted numerous fraudulent PPP loan applications to federally insured banks, including on behalf of purported companies that were not registered business entities. ...read more



Dentist Revises Process to Safeguard Medical Alert PHI Covered Entity: Health Care Provider Issue: Safeguards, Minimum Necessary An OCR investigation confirmed allegations that a dental practice flagged some of its medical records with a red sticker with the word "AIDS" on the outside cover, and that records were handled so that other patients and staff without need to know could read the sticker. When notified of the complaint filed with OCR, the dental practice immediately removed the red AIDS sticker from the complainant's file. To resolve this matter, OCR also required the practice to revise its policies and operating ...read more

April 2026
SuMoTuWeThFrSa
1234
567891011
12131415161718
19202122232425
2627282930

Blog Home

Newest Blog Entries
1/21/25 Understanding Business Associate Agreements

11/12/22 Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims

11/12/22 Indian National Charged in $8 Million COVID-19 Relief Fraud Scheme

11/12/22 Former Hospital Employee Pleads Guilty To Criminal HIPPA Charges

11/12/22 Covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6

11/12/22 The Delaware Division of Developmental Disabilities Services Data Breach

11/12/22 OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA

11/12/22 HHS Issues Guidance on HIPAA and Audio-Only Telehealth

11/12/22 Five Former Methodist Hospital Employees Charged with HIPAA Violations

11/12/22 May a covered entity use or disclose protected health information for litigation?

11/12/22 When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials?

Blog Archives
January 2025 (1)
November 2022 (54)

Blog Labels
Telehealth (1)
BAA (4)
EHR Fraud (1)
PPP Fraud (1)
HIPAA (2)
Covered Entity (40)
ePHI (2)
HIPAA Enforcement (3)
Data Breach (1)

 
BAA Facts
  • Who needs a BAA?
  • What if I don't have a BAA
  • BAA Quick FAQ
  • WHY BAA?
  • Planning Your BAA
 Sample BAA
  • Simple BAA
  • Better BAA
  • Best BAA
 Office Locations:

100 Florida Ave
Tampa Fl 33615