Today, the U.S. department of health and human Services (HHS) office for Civil Rights (OCR) announced the declaration of three investigations and 1 affair before an Administration Law justice related to compliance with the health indemnity Portability and Accountability routine (HIPAA) Privacy Rule. two of these cases are part of OCR�s HIPAA right of Access Initiative, bringing the tot number of these enforcement actions to twenty-seven since the initiative began. OCR created this initiative to reinforcement individuals’ right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule. The other enforcement actions result from healthcare providers impermissibly disclosing their patients� protected health information (PHI). �Between the rising pace of breaches of unsecured protected health information and continued cyber security threats impacting the health care industry, it is critical that covered entities submit their HIPAA compliance responsibilities seriously,� said OCR Director Lisa J. Pino. �OCR will proceed our steadfast committal to protect individuals� health information privacy and security through enforcement, and we will pursue civil money penalties for violations that are not addressed.� OCR has taken the following enforcement actions that underline the importance and requisite of compliance with the HIPAA Rules, including the foundational redress of access provision: Dr. Donald Brockley, D.D.M., a solo dental practitioner in Butler, Pennsylvania, failed to provide a patient with a copy of their medical record.� After being issued a notice of Proposed Determination, dr. Donald Brockley, D.D.M requested a hearing before an Administrative Law Judge.� The litigation was resolved before the court made a determination by a settlement agreement in which dr. Donald Brockley, D.D.M agreed to pay $30,000 and submit corrective actions to comply with the HIPAA Privacy Rule’s compensate of access standard. Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A. (UPI), a dental practice with offices in Charlotte and Monroe, northward Carolina, impermissibly disclosed a patient�s PHI on a webpage in reception to a negative online review.� UPI did not respond to OCR�s data request, did not respond or object to an administrative subpoena, and waived its rights to a hearing by not contesting the findings in OCR�s mark of Proposed Determination.� OCR imposed a $50,000 civil money penalty. Jacob and Associates, a psychiatric medical services provider with two office locations in California, agreed to submit corrective actions and pay OCR $28,000 to settle potential violations of the HIPAA Privacy Rule, including provisions of the right of access standard; Northcutt Dental-Fairhope, LLC�(Northcutt Dental), a dental practise in Fairhope, Alabama, who impermissibly disclosed its patients� PHI to a effort coach and a third-party marketing companion hired to help with a country senate election campaign, agreed to take corrective action and pay $62,500 to root potential violations of the HIPAA Privacy Rule. Individuals who guess their HIPAA rights experience been violated have the�right to�file a complaint�with OCR and may find more information on their rights under the Privacy Rule�here. Source: HHS
