Phoenix-based Banner Health, on behalf of Banner Health affiliated covered entities, also called Banner Health ACE, agreed to pay $200,000 to settle potential violations of the HIPAA Privacy Rule’s Right of Access standard, which requires healthcare organizations to provide patients with copies of their medical records quickly and at a reasonable cost.
OCR received two complaints against Banner Health ACE alleging violations of the HIPAA Right of Access rule. The first complaint claimed that the individual had requested access to her medical records in December 2017 but did not receive the records until May 2018. The second complaint alleged the patient requested access to an electronic copy of his records in September 2019 but the records weren’t sent until February 2020.
Along with the financial settlement, Banner Health will undergo a corrective action plan that includes two years of monitoring by the OCR.
More articles on cybersecurity:
Jefferson Healthcare email hack put info of 2,500 patients at risk: 4 details
Hackers get patients’ PHI after inflicting malware on Florida hospital’s computer network
LSU Health discovers September cyberattack extended to partner hospital
