Georgia Laboratory Fined €16,500 for Non-Compliance with HIPAA Right of Access
The HHS’ Office for Civil Rights (OCR) has announced that a diagnostic laboratory in Georgia – Life Hope Labs, LLC – has been fined $16,500 for failing to provide an individual with timely access to the medical records of her deceased father, in violation the Right of Access of the HIPAA Privacy Rule. OCR has now imposed 43 financial penalties on HIPAA-regulated entities since it commenced its HIPAA Right of Access enforcement initiative in 2019.
The HIPAA Privacy Rule (45 C.F.R. § 164.524) gives individuals and their personal representatives the right to access and obtain a copy of the protected health information stored by a covered entity in a designated record set. Covered entities must provide access to or a copy of the requested medical records in a timely manner, and no later than 30 days from receipt of the request. An extension of 30 days is permitted in certain cases, but if such an extension is required, the individual or their personal representative must be informed and the reason for the delay must be explained.
The daughter of a patient of Life Hope Labs requested access to her deceased father’s medical records on July 7, 2021. 48 days later, after not being provided with the records, a complaint was filed with OCR. The records were eventually provided 225 days after the initial request, on February 16, 2022. OCR determined that making an individual wait 7 months to obtain a copy of the requested medical records was a violation of the HIPAA Right of Access.
Life Hope Labs chose to settle the investigation with OCR and pay a financial penalty. The settlement also includes a corrective action plan to address the aspects of HIPAA compliance uncovered by OCR during the investigation. OCR will also monitor Life Hope Labs for compliance with the corrective action plan for a period of 2 years.
“Access to medical records, including lab results, empowers patients to better manage their health, communicate with their treatment teams, and adhere to their treatment plans. The HIPAA Privacy Rule gives individuals and personal representatives a right to timely access their medical records from all covered entities, including laboratories,” said OCR Director Melanie Fontes Rainer. “Laboratories covered by HIPAA must follow the law and ensure that they are responding timely to records access requests.”