The Office of Civil Rights issued the settlement March 24 under its HIPAA Right of Access Initiative, which requires providers to give patients copies of their health records quickly and at a reasonable cost.
OCR received a complaint in July 2019 that Arbour Hospital failed to timely respond to a patient’s records access request in May 2019. OCR provided the hospital with technical assistance on the Right of Access requirements, however, in July, OCR received a second complaint claiming Arbour Hospital had still not fulfilled the records request.
OCR launched an investigation into the incident and found that the hospital had not provided timely access to the health records; Arbour Hospital did give the patient the electronic copies in November 2019.
Arbour Hospital will pay the $65,000 financial settlement and also undergo a corrective action plan, which includes one year of monitoring by the OCR.
More articles on cybersecurity:
20 most popular websites targeted for COVID-19 phishing attacks: Microsoft, LinkedIn & more
US charges Swiss resident who claimed responsibility for hack on hospitals’ security cameras
3 measures to prepare your healthcare center for a cyberattack
