Dental Practices are Targets of HIPAA Penalties

such records when requested by the patient or do not provide timely access to such records within the timeframes required under HIPAA may be subject to hefty sanctions.

On September 20, 2022, the Department of Health & Human Services, Office for Civil Rights (OCR), the HIPAA enforcement agency, announced the settlement of three cases against dental practices for alleged violations of the right of access rule. The first settlement involved allegations that, although the dental practice provided portions of the patient’s record when the patient requested her entire record, the practice did not provide a complete copy of the patient’s record until more than five months after the request was made. Under this settlement, the dental practice agreed to pay a fine of $30,000 and implement a corrective action plan. The second settlement involved allegations that the dental practice did not provide the patient with a copy of her record for more than a year after the request was made, and that the practice withheld the record because the patient would not pay a $170 copying fee. The dental practice agreed to pay a fine of $80,000 and implement a corrective action plan. The third settlement involved allegations that the dental practice withheld a minor patient’s record for more than eight months after the patient’s mother requested the record. Under the settlement with the OCR, the practice agreed to pay a fine of $25,000 and implement a corrective action plan.

The OCR has now announced 23 settlements of investigations involving alleged violations of HIPAA’s right of access rule since the OCR began its “right of access initiative” in 2019. The HIPAA enforcers have made clear that patients have the right to receive timely access to their records at a reasonable cost in compliance with HIPAA.

Click here to read the entire October 2022 Healthcare Law Update