Georgia Laboratory Fined €16,500 for Non-Compliance with HIPAA Right of Access

OSU HIPAA Penalty

The HHS’ Office for Civil Rights (OCR) has announced that a diagnostic laboratory in Georgia – Life Hope Labs, LLC  – has been fined $16,500 for failing to provide an individual with timely access to the medical records of her deceased father, in violation the Right of Access of the HIPAA Privacy Rule. OCR has now imposed 43 financial penalties on HIPAA-regulated entities since it commenced its HIPAA Right of Access enforcement initiative in 2019.

The HIPAA Privacy Rule (45 C.F.R. § 164.524) gives individuals and their personal representatives the right to access and obtain a copy of the protected health information stored by a covered entity in a designated record set. Covered entities must provide access to or a copy of the requested medical records in a timely manner, and no later than 30 days from receipt of the request. An extension of 30 days is permitted in certain cases, but if such an extension is required, the individual or their personal representative must be informed and the reason for the delay must be explained.

The daughter of a patient of Life Hope Labs requested access to her deceased father’s medical records on July 7, 2021. 48 days later, after not being provided with the records, a complaint was filed with OCR. The records were eventually provided 225 days after the initial request, on February 16, 2022. OCR determined that making an individual wait 7 months to obtain a copy of the requested medical records was a violation of the HIPAA Right of Access.

Life Hope Labs chose to settle the investigation with OCR and pay a financial penalty. The settlement also includes a corrective action plan to address the aspects of HIPAA compliance uncovered by OCR during the investigation. OCR will also monitor Life Hope Labs for compliance with the corrective action plan for a period of 2 years.

“Access to medical records, including lab results, empowers patients to better manage their health, communicate with their treatment teams, and adhere to their treatment plans. The HIPAA Privacy Rule gives individuals and personal representatives a right to timely access their medical records from all covered entities, including laboratories,” said OCR Director Melanie Fontes Rainer. “Laboratories covered by HIPAA must follow the law and ensure that they are responding timely to records access requests.”

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/