Paubox News | HIPAA Compliance, Email Security and Healthcare Tech

American Medical Response fined $115K by the HHS

Written by Kirsten Peremore | August 05, 2024

The U.S. Department of Health and Human Services fined American Medical Response $115,200 for failing to provide a patient with timely access to their medical records, violating HIPAA's right of access provisions.

 

What happened 

The U.S. Department of Health and Human Services' Office for Civil Rights (OCR) imposed a civil monetary penalty of $115,200 on American Medical Response (AMR) because they failed to provide a patient with timely access to their medical records. The penalty was the result of an investigation that began after a patient complained about not receiving their records despite multiple requests. 

According to the HIPAA Privacy Rule, individuals have the right to access their health information within 30 days, with a possible extension of another 30 days. AMR did not comply with this requirement, which led OCR to take action. During the investigation, OCR confirmed that AMR had not provided the requested records promptly. 

In response, AMR eventually sent the records to the patient and revised its procedures to better handle future requests. The OCR issued a Notice of Proposed Determination in October 2023, informing AMR of the penalty. AMR chose not to contest the findings and waived their right to a hearing.

 

In the know

Under HIPAA, patients have the right to access their health information, meaning they can request and obtain a copy of their medical records from their healthcare providers. The right empowers individuals to understand and manage their own health care. Patients can request access to a wide range of information, including doctors' notes, medical test results, billing records, and any other data used to make decisions about their care. Healthcare providers must respond to these requests within 30 days, although they can extend this period by another 30 days if they provide a valid reason. 

 

What was said

In the press release, OCR Director Melanie Fontes Rainer offered the following statement,HIPAA gives patients a right to timely access to their medical records. OCR will continue to enforce this right through investigations, and when necessary, by imposing civil money penalties.”

 

The bigger picture 

When patients cannot access their medical records promptly, they may face delays in receiving necessary treatments, second opinions, or consultations with other healthcare providers. A lack of access can hinder a patients ability to understand their medical conditions, review their medical history, and ensure the accuracy of their health information. 

See also: HIPAA Compliant Email: The Definitive Guide

 

FAQs

What is HIPAA?

HIPAA is a U.S. law that sets national standards for protecting the privacy and security of individuals' medical information and ensures that patients have rights to access their health records.

 

What is an example of a violation of HIPAA?

An example of a HIPAA violation is a healthcare provider failing to provide a patient with timely access to their medical records upon request.

 

Who is subject to HIPAA?

HIPAA applies to covered entities such as healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates who handle protected health information.