Hospitals & Health Systems

Release Exchange

Payer Exchange
Audit Manager
Institutional Audit Manager

Professional Audit Manager

Ambulatory and Physicians

Release Exchange

Audit Manager

MIPS Reporting

Clinical Forms Exchange

Accountable Care Organizations (ACO) Capabilities

Medical Specialty Societies & Registry Capabilities

Health Plan Capabilities

Webinar Recap: Patient Access and the Road to Compliance

March 10, 2021
MRO Privacy
Patient Access: Road to Compliance

Recently I presented Patient Access: Road to Compliance as part of the 2021 webinars hosted monthly by release of information specialist, MRO, this year. During the presentation, attendees learned about the latest Office for Civil Rights (OCR) enforcements and penalties resulting from the continued priority to allow patient access. Now and throughout the year, these valuable insights can help prepare organizations for full compliance.

OCR Crackdown on Patient Access

The OCR’s Industry Audit report released in late December 2020 stated that 89% of audited covered entities failed to show they were correctly implementing the individual right of access. The report noted many compliance gaps, including insufficient policies and procedures for providing access. For example, the OCR found that some policies incorrectly stated that the covered entity could deny access to Protected Health Information (PHI). Other policies lacked guidance around honoring requests for information to be provided to a designated third party.

Overall, these covered entities are largely operating on their own and do not have access to a security or compliance officer who has the detailed knowledge and experience needed to understand and create policies to ensure compliance. Because release of information (ROI) is such a detailed and intricate process, all covered entities must ensure compliance with the standards. One way to achieve that goal is to have a specific department dedicated to the effort and to also outsource the management of the ROI process. By partnering with a knowledgeable ROI vendor, an organization can ensure that someone else is responsible to learn the guidelines, implement policies and procedures required to follow the guidelines, ultimately enforce the guidelines, and continually assess and adjust as needed.

Current Landscape and Penalties

As of February 12, 2021, the OCR settled its 16th HIPAA Right of Access case after announcing in 2019 that it would crack down on supporting individuals’ right to timely access to their health records, at a reasonable cost under the HIPAA Privacy Rule.

These settlements are resulting in Civil Money Penalties (CMPs) and Corrective Action Plans (CAPs) that are largely impacting covered entities. To put it into perspective, these settlements are increasing in frequency over time:

  • 2019 – 2 cases
  • 2020 – 11 cases
  • 2021 – 3 cases to date

Some of the reasons why CMPs and CAPs were applied include:

  • Failed to respond according to timelines (and at reasonable cost) to the patient request for access to their record (8 cases)
  • Refused patient access to inspect and receive a copy (1 case)
  • Form and format to directed third party refused (2 cases)
  • Films not provided as requested by patient (1 case)
  • Patient representative not recognized (3 cases)
  • DRS not used; fetal monitor strips not provided (1 case)

Organizational Actions

If you are considering what your organization can do to ensure healthcare compliance, here are four steps to take if you have not already done so:

  • Update your compliance program, or create one.
  • Document your actions to show evidence of efforts to comply.
  • Create a compliance officer role to keep a watchful eye on the ever-changing regulatory climate.
  • Conduct a GAP analysis to document and prove that you have no intent to engage in blocking patients from accessing their medical records.

As we continue in 2021, it will be increasingly important to keep patient access top of mind, as there have been three settlements already.

To request the playback recording of this webinar and learn how you can prepare your organization for compliance, click here.

Newsletter Sign-Up

Recent Posts

Transforming Healthcare: The Benefits of Digital Image Sharing

Transforming Healthcare: The Benefits of Digital Image Sharing

​In the fast-paced world of healthcare, advancements in technology continue to revolutionize the industry, offering innovative solutions to enhance patient care. One such breakthrough is the sharing of digital images, a practice that has significantly transformed the...

Using Automation to Improve Payer Collaboration: On Air Insights

Using Automation to Improve Payer Collaboration: On Air Insights

Managing laborious payer processes is one of the most cumbersome operational challenges for hospitals and health systems. From initial claim submission to filling additional documentation requests, and responding to payer audits or denials, healthcare provider...

ACOs prepare for eCQM quality reporting

ACOs prepare for eCQM quality reporting

A New Frontier: ACOs and the Shift to Electronic Clinical Quality Measures Healthcare quality reporting is evolving, and accountable care organizations (ACOs) are at the forefront of this change. In 2025, ACOs will be required to shift from traditional quality...