Electronic Healthcare Records , Governance & Risk Management , HIPAA/HITECH

Sharp Healthcare Latest to Be Fined for Records Access Failure

Case Is HHS' 16th 'Right of Access' Enforcement Action
Sharp Healthcare Latest to Be Fined for Records Access Failure

Continuing its initiative to ensure patients can access copies of their medical records, as HIPAA requires, federal regulators on Friday issued their 16th settlement in a records access case.

See Also: OnDemand | Making the Connection Between Cybersecurity and Patient Care

The $70,000 Department of Health and Human Services settlement with San Diego, Calif.-based Sharp Healthcare is the second right of access case announced this week. On Wednesday, HHS OCR revealed a $75,000 settlement with Nevada-based Renown Health.

The Complaint

HHS OCR says that in June 2019, it received a complaint alleging that Sharp failed to take timely action in response to a patient's records access request directing that an electronic copy of protected health information in an electronic health record be sent to a third party.

OCR says it provided Sharp with technical assistance on the HIPAA right of access requirements. But in August 2019, OCR received a second complaint alleging that Sharp still had not responded to the patient's records access request.

OCR initiated an investigation, and Sharp eventually provided access to the requested records.

Corrective Actions

As in OCR's 15 previous right of access settlements with other entities, in addition to the monetary settlement, Sharp will undertake a corrective action plan that includes two years of monitoring.

Under the resolution agreement with OCR, Sharp has agreed to take several corrective actions including developing written policies and procedures to comply with the HIPAA's right of access provision; distributing those policies and procedures to all members of the Sharp workforce; and providing its staff with training materials.

In a statement provided to Information Security Media Group Sharp says its dedicated to "providing patients with timely access to their medical records and ensuring their privacy by adhering to all requirements set forth in HIPAA and California law."

HHS OCR launched its "right of access" enforcement initiative in April 2019. Since then, the agency's 16 settlements in these cases have had financial penalties ranging from $3,500 to $200,000.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.