The settlement, announced Feb. 12, was issued by the Office of Civil Rights for its HIPAA Right of Access Initiative, which requires providers to give patients copies of their health records quickly and at a reasonable cost.
OCR received a complaint in June 2019 that Sharp HealthCare, doing business as Sharp Rees-Stealy Medical Centers, failed to timely respond to a patient’s records access request directing an electronic copy of their EHRs be sent to a third party. OCR then gave SRMC technical assistance to help with the HIPAA Right of Access requirements, but two months later OCR received a second complaint claiming SRMC still had not responded to the patient’s record access request.
OCR launched an investigation into the incident and found that the health system had not provided timely access to the health records; SRMC did give the patient the electronic copies after the investigation.
Sharp HealthCare will pay the $70,000 financial settlement and also undergo a corrective action plan, which includes two years of monitoring by the OCR.
More articles on cybersecurity:
13 patient data breach lawsuits in the past year
Renown Health to pay $75K settlement in HIPAA Right of Access case
Ransomware group posts stolen North Carolina county health data online
