Governance & Risk Management , HIPAA/HITECH , Privacy

Feds Slap Another Provider with 'Right of Access' Fine

$15,000 Settlement With Psychotherapy Counselor Is HHS OCR's 44th Case
Feds Slap Another Provider with 'Right of Access' Fine

Federal regulators are continuing their campaign to enforce compliance with the HIPAA "right of access" provision. The Department of Health and Human Services on Monday said it had slapped a solo-practitioner psychotherapy counselor with a $15,000 settlement in a dispute involving a parent who sought the medical records of his three minor children.

See Also: Panel Discussion | Accelerate HITRUST certification for faster time-to-market and improved ROI

In a statement Monday, the HHS Office for Civil Rights said it had received a complaint in December 2017 against David Mente, a licensed counselor providing psychotherapy services in Pittsburgh, Pennsylvania, alleging that Mente would not give a father copies of medical records for his three children.

OCR said it had provided technical assistance to Mente on the requirements of the HIPAA Privacy Rule's "right of access" requirements and closed the complaint.

Despite OCR's intervention, Mente failed to respond to the father's subsequent request for his children’s records in April 2018, leading to the parent filing a second complaint to the agency.

OCR's investigation of the second complaint determined that Mente's failure to provide timely access to the requested medical records was a potential violation of the HIPAA "right of access" provision, the agency said.

"Under HIPAA, parents, as the personal representatives of their minor children, generally have a right to access their children's medical records," said OCR Director Melanie Fontes Rainer.

"It should not take an individual or their parent representative nearly six years and multiple complaints to gain access to patient records."

Rainer, in a recent interview with Information Security Media Group, said patient "right of access" disputes are the No. 1 type of HIPAA complaint the agency receives.

"It's a cornerstone of HIPAA for you to get access to your own information. But a lot of covered entities don't take that seriously," she said.

As part of the resolution agreement in the case, Mente provided the father with all requested records in his practice's possession, OCR said.

Mente declined Information Security Media Group's request for comment about the case.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.