The U.S. Department of Health and Human Services (HHS) announced today that Life Hope Labs has agreed to pay a settlement of $16,500 to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule’s right of access provision. The rule requires that patients be able to access their health information in a timely manner.
This post will cover what happened, how Life Hope Labs is going resolve the HIPAA violation, and what the right of access provision is.
See also: HIPAA Compliant Email: The Definitive Guide
Life Hope Labs is a full-service diagnostic laboratory in Sandy Springs, Georgia. In July 2021, a family member requested their deceased father’s medical records form the lab. The records were not received until seven months later.
A complaint was filed with the HHS Office of Civil Rights (OCR) and a follow up investigation concluded Life Hope Labs failed to provide timely access to the requested medical records.
Resolving the HIPAA violation
Life Hope Labs agreed to implement a corrective action plan and pay $16,500 to resolve the investigation.
See related: Life Hopes Resolution Agreement and Correction Action Plan
HIPAA Right of Access Initiative
Launched in 2019, the OCR HIPAA Right of Access Initiative is designed to, “to support individuals’ right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule.” This investigation marks the 43rd case to be settled under the initiative.
The right of access provision states that a covered entity must provide access to protected health information (PHI) no later than 30 days from receiving the request.
According to OCR Director Melanie Fontes Rainer:
“Access to medical records, including lab results, empowers patients to better manage their health, communicate with their treatment teams, and adhere to their treatment plans. The HIPAA Privacy Rule gives individuals and personal representatives a right to timely access their medical records from all covered entities, including laboratories. Laboratories covered by HIPAA must follow the law and ensure that they are responding timely to records access requests.”