Medical Practice Pays $20K to Settle ‘Right of Access’ Case

Dispute is HHS’ 42nd HIPAA ‘Right of Access’ Enforcement Action Since 2019

Marianne Kolbasuk McGee (HealthInfoSec,
December 15, 2022

Federal regulators are sending a message: No medical practice is too small to escape notice from a campaign pushing healthcare entities into sharing health information with patients. For requesters, the government says the experience should be practically as seamless and easy as pressing a button.

See Also: Finding a Password Management Solution for Your Enterprise

A Florida primary care practice is the latest exemplar in that campaign. Health Specialists of Central Florida will pay $20,000 to settle a November 2019 complaint that it took four months and 29 days to respond to an Orlando woman’s request for access to her deceased father’s medical records.

“The right of patients to access their health information is one of the cornerstones of HIPAA, and one that OCR takes seriously,” said Melanie Fontes Rainer, director of the Department of Health and Human Service’s Office of Civil Rights.

Besides agreeing to pay the $20,000 penalty, the medical practice will implement a corrective action plan that includes updating and implementing its policies and procedures to comply with the HIPAA privacy rule, and training its workforce on those policies and procedures.

The settlement announced Thursday is HHS OCR’s 42nd enforcement action in a case involving right of access since the agency launched an initiative in April 2019 focused on driving compliance.

Rainer vowed more of the same. “We will continue to ensure that healthcare providers and health plans take this right seriously and follow the law,” she said.

“Today’s announcement speaks to the importance of accessing information and regulated entities taking steps to implement procedures and workforce training to ensure that they are doing all they can to help patients access.”

Health Specialists of Central Florida’s owner, Dr. Harbinder Ghulldu, did not immediately respond to Information Security Media Group’s request for comment on the settlement.

So far in 2022, OCR has brought 16 HIPAA enforcement actions involving right of access disputes, including the settlement with the Florida medical practice (see: HHS Slaps 3 Dental Practices with ‘Right of Access’ Fines,

The largest right of access settlement so far this year was with Memorial Hermann Health System in Texas for $240,000 in July (see: Latest HHS HIPAA Actions Spotlight ‘Right of Access’ Again,


Leave a Comment