|Articles|December 16, 2021

Tips for staying off the HIPAA naughty list

Appreciating how to avoid an enforcement action under the Right of Access Initiative, as well as mitigating cyberattacks with HHS’s cybersecurity resource website.

Just in time for the Holiday Season, HHS Office for Civil Rights (“OCR”) announces five separate resolutions as part of its HIPAA Right of Access Initiative. This initiative focuses on providers and health plans who fail to provide individuals with the ability to view and receive copies of their protected health information (“PHI”) within 30 days unless an extension is provided. Importantly, the 30 day timeframe applies under federal HIPAA, states may have shorter timeframes to provide patients with their medical records. Here’s a recap of the five resolutions:

  1. Advanced Spine & Pain Management (Ohio) – paid OCR $32,150 and agreed to take corrective actions that include two years of monitoring;
  2. Denver Retina Center (Colorado) – paid OCR $30,000 and agreed to take corrective actions that includes one year of monitoring;
  3. Robert Glaser, MD (New York) – OCR issued a civil monetary penalty of $100,000 after Dr. Glaser failed to cooperate with OCR’s investigation and waived his right to a hearing;
  4. Rainrock Treatment Center, LLC (Oregon) - paid OCR $160,000 and agreed to take corrective actions that includes one year of monitoring; and
  5. Wake Health Medical Group (North Carolina) - paid OCR $10,000 and agreed to take corrective actions.

To stay on OCR’s “nice list” providers should have adequate policies and procedures that staff are trained on, log the initial request date, and comply with both state and federal timeframes. If an extension is needed, notify the patient or representative.

Established under the Cybersecurity Act of 2015, the 405(d) program was established. On December 1st, HHS delivered a holiday gift – a new website - 405(d) Aligning Health Care Industry Security Approaches Program, which offers healthcare providers and public health officials cybersecurity and patient safety resources, as well as best practices. “Absence of Cybersecurity is a(n) Enterprise Risk, Patient Risk, Organization Risk, [and] Provider Risk.” Said another way, the 405(d) program’s motto that “Cyber Safety is Patient Safety” provides a variety of different resources, including cybersecurity posters, infographics, and a bi-monthly newsletter.

In sum, to avoid the ransomware Grinch, remain vigilant because ransomware criminals are ramping up.

Newsletter

Optimize your practice with the Physicians Practice newsletter, offering management pearls, leadership tips, and business strategies tailored for practice administrators and physicians of any specialty.

Subscribe Now!

Related Content

Latest CME

Clinical Consultations™: Addressing Elevated Phosphate Levels in Patients with END-STAGE Kidney Disease (ESKD)
Video

Clinical Consultations™: Addressing Elevated Phosphate Levels in Patients with END-STAGE Kidney Disease (ESKD)

Anil K. Agarwal, MD, FACP, FASN, FNKF, FASDIN; Jay B. Wish, MD

View more
Advances In: Managing Hyperphosphatemia in Chronic Kidney Disease – Bridging Treatment Gaps With Novel Therapies
Multimedia

Advances In: Managing Hyperphosphatemia in Chronic Kidney Disease – Bridging Treatment Gaps With Novel Therapies

Glenn M. Chertow, MD, MPH; Anjay Rastogi, MD, PhD

View more
SimulatED™: Understanding the Role of Genetic Testing in Patient Selection for Anti-Amyloid Therapy
Case-based Simulation

SimulatED™: Understanding the Role of Genetic Testing in Patient Selection for Anti-Amyloid Therapy

Nicholas Doher, DO; Babak Tousi, MD

View more
Burst CME™: Addressing Inadequate Response to Anti-TNF Therapy in Patients With Rheumatoid Arthritis
Multimedia

Burst CME™: Addressing Inadequate Response to Anti-TNF Therapy in Patients With Rheumatoid Arthritis

Jeffrey A. Sparks, MD, MMSc

View more
Community Practice Connections™: Cases and Conversations – Keeping Up with Novel Approaches to Managing ANCA-Associated Vasculitis
Multimedia

Community Practice Connections™: Cases and Conversations – Keeping Up with Novel Approaches to Managing ANCA-Associated Vasculitis

Frank B. Cortazar, MD; Lindsay S. Lally, MD

View more
Burst CME: Targeted Therapy for Optimal Psoriasis Management
Video

Burst CME: Targeted Therapy for Optimal Psoriasis Management

Tina Bhutani, MD

View more
Cases and Conversations™: A Horizon View of Continuous Monitoring Systems for Diabetes Management
Video

Cases and Conversations™: A Horizon View of Continuous Monitoring Systems for Diabetes Management

Diana Isaacs, PharmD, BCPS, BC-ADM, BCACP, CDCES, FADCES, FCCP; Anders Carlson, MD; Jennifer B. Green, MD

View more
Progress in Hyperlipidemia Management to Reduce ASCVD Risk: An Illustrated Update
Video

Progress in Hyperlipidemia Management to Reduce ASCVD Risk: An Illustrated Update

Nihar R. Desai, MD, MPH; Martha Gulati, MD, MS, FACC, FAHA, MASPC, FESC, FSCCT (hon), FRCP Edin

View more
Contact Info

259 Prospect Plains Rd, Bldg H
Cranbury, NJ 08512

609-716-7777

Brand Logo

© 2025 MJH Life Sciences®

All rights reserved.

Home
About Us
News
Contact Us