The U.S. Department of Health and Human Services fined American Medical Response $115,200 for failing to provide a patient with timely access to their medical records, violating HIPAA's right of access provisions.
The U.S. Department of Health and Human Services' Office for Civil Rights (OCR) imposed a civil monetary penalty of $115,200 on American Medical Response (AMR) because they failed to provide a patient with timely access to their medical records. The penalty was the result of an investigation that began after a patient complained about not receiving their records despite multiple requests.
According to the HIPAA Privacy Rule, individuals have the right to access their health information within 30 days, with a possible extension of another 30 days. AMR did not comply with this requirement, which led OCR to take action. During the investigation, OCR confirmed that AMR had not provided the requested records promptly.
In response, AMR eventually sent the records to the patient and revised its procedures to better handle future requests. The OCR issued a Notice of Proposed Determination in October 2023, informing AMR of the penalty. AMR chose not to contest the findings and waived their right to a hearing.
Under HIPAA, patients have the right to access their health information, meaning they can request and obtain a copy of their medical records from their healthcare providers. The right empowers individuals to understand and manage their own health care. Patients can request access to a wide range of information, including doctors' notes, medical test results, billing records, and any other data used to make decisions about their care. Healthcare providers must respond to these requests within 30 days, although they can extend this period by another 30 days if they provide a valid reason.
In the press release, OCR Director Melanie Fontes Rainer offered the following statement, “HIPAA gives patients a right to timely access to their medical records. OCR will continue to enforce this right through investigations, and when necessary, by imposing civil money penalties.”
When patients cannot access their medical records promptly, they may face delays in receiving necessary treatments, second opinions, or consultations with other healthcare providers. A lack of access can hinder a patients ability to understand their medical conditions, review their medical history, and ensure the accuracy of their health information.
See also: HIPAA Compliant Email: The Definitive Guide
HIPAA is a U.S. law that sets national standards for protecting the privacy and security of individuals' medical information and ensures that patients have rights to access their health records.
An example of a HIPAA violation is a healthcare provider failing to provide a patient with timely access to their medical records upon request.
HIPAA applies to covered entities such as healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates who handle protected health information.