by Find-A-Code™
Sep 7th, 2022
Though medical billing codes are the main focus here, all of us in the medical billing industry need to be cognizant of HIPAA compliance. In light of that, it is important that medical billers, coding specialists, and the clinicians they work for pay attention to the Right of Access Initiative (RAI). Washington continues to flex its muscles in its enforcement of the initiative.
The RAI requires that all HIPAA-covered entities provide quick and seamless access to patient medical records at a reasonable cost. Simply put, healthcare providers and other covered entities must provide patients with their medical records upon request. HIPAA gives covered entities 30 days to produce records. They are only allowed to charge a nominal fee.
Office for Civil Rights Action
In order to demonstrate that it is serious about RAI, the Office for Civil Rights (OCR) has taken more than three dozen enforcement actions against covered entities since the initiative was enacted. In its most recent caseload, the OCR settled with eleven violators.
Here are just a few examples of the types of things that have triggered OCR enforcement:
- The failure of a podiatrist to produce records after multiple patient and OCR requests. A $100,000 penalty was assessed.
- A healthcare company refusing a patient's request for medical records, saying they would not provide the records until the patient's outstanding balance was paid. A $3,500 penalty was assessed.
- A healthcare provider not honoring a request for records five months after the initial inquiry. The office only complied when the OCR got involved. A $22,500 penalty was assessed.
It is important to remember that a covered entity's obligation to honor patient requests for records is baked into HIPAA regulations. The OCR has the legal right to investigate complaints and take corrective action where necessary.
Enforcement of a Long-Held Right
It turns out that patients have had the right to request and view their medical records for a couple of decades. Under the HIPAA Privacy Rule of 2001, medical records cannot be kept from patients except under certain extenuating circumstances. So why the RAI?
The RAI was implemented in 2019 to formally enforce the original 2001 rule. Prior to RAI, the rule basically had no teeth. The powers that be determined that without some means of enforcement, covered entities would continue to thwart patient attempts to obtain their medical records.
Know and Follow the Rules
Those of us involved in medical billing and coding are not directly affected by the RAI in the sense that we are not responsible for fulfilling patient requests for medical records. Still, the OCR's enforcement of RAI is a reminder to us to know and follow all the HIPAA rules that apply to us. Trying to get around the rules only invites problems with regulators.
HIPAA was put in place to protect patient privacy and security. It may seem onerous at times. Furthermore, the regulations may require a bit more work on the part of healthcare providers and their teams. Nonetheless, the rules are the rules. HIPAA compliance isn't just a suggestion; it is a mandate.
Enforcement Will Continue
In terms of RAI enforcement against HIPAA-covered entities that fail to honor medical record requests, expect it to continue for the foreseeable future. As long as patients file formal complaints, the OCR will be there to open investigations and mandate corrective action.
The OCR has already done so with thirty-eight cases. There is no reason to believe their willingness to take corrective action will wane anytime soon. If your organization receives requests for patient records, furnish them quickly and do not charge excessively for the service.