Diabetes, Endocrinology & Lipidology Center Pays $5,000 to Resolve HIPAA Right of Access Case

Share this article on:

The HHS’ Office for Civil Rights has announced a settlement has been reached with The Diabetes, Endocrinology & Lipidology Center, Inc. (DELC) that resolves a potential HIPAA Right of Access violation. This is the 8th financial penalty to be announced in 2021 to resolve violations of the HIPAA Rules, and the 19th settlement under OCR’s HIPAA Right of Access enforcement initiative that was launched in the fall of 2019.

DELC is a West Virginia-based healthcare provider specializing in treating endocrine disorders. In August 2019, OCR received a complaint that alleged DELC had failed to respond to a request for a copy of protected health information in a timely manner. The HIPAA Privacy Rule requires a copy of an individual’s protected health information contained in a designated record set to be provided within 30 days of a request being received.

In this case, the complainant wanted a copy of her minor child’s protected health information and DELC had failed to provide those records within the allowed 30 days. OCR notified DELC on October 30, 2019 about the investigation into potential noncompliance with the HIPAA Right of Access (45 C.F.R. § 164.524) over the alleged refusal to provide the patient’s mother with the records she requested.

OCR determined the failure to provide the requested records was in violation of the HIPAA Right of Access. As a result of OCR’s investigation, DELC finally provided the child’s mother with a copy of the requested records in May 2021, almost two years after the initial request had been made.

In addition to the financial penalty of $5,000, DELC has agreed to a corrective action plan that includes reviewing and updating policies and procedures for providing individuals with access to PHI and privacy training for the workforce on individual access to PHI. DELC will be monitored by OCR for 2 years to ensure compliance with the Right of Access provisions of the HIPAA Privacy Rule.

“It should not take a federal investigation before a HIPAA covered entity provides a parent with access to their child’s medical records,” said Acting OCR Director Robinsue Frohboese.  “Covered entities owe it to their patients to provide timely access to medical records.”

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On