The Office of Civil Rights said in a March 26 news release that a complaint was filed against the Ridgewood, N.J.-based plastic surgery provider in September 2019. The complaint alleged Village Plastic Surgery failed to respond to a patient’s request for medical record access on time in August 2019.
An OCR investigation determined the plastic surgery provider did not take action on the access request within 30 days or within 60 days with an extension, a potential violation of the HIPAA Right of Access standard.
In addition to paying $30,000, VPS will have a corrective action plan that includes two years of monitoring by the OCR.
More articles on cybersecurity:
Wake Forest Baptist hospital patients’ records exposed in Healthgrades data breach
American Hospital Association selects preferred cybersecurity vendor: 5 details
How COVID-19 drove telehealth adoption: 8 key study findings
