DentistCare Insights

Solo Dental Practice Hit with $70,000 Penalty for Violation of the HIPAA Right of Access Rule

Written by DentistCare Risk Management Specialist | Nov 12, 2024 6:19:15 PM

Gums Dental, a solo dental practice and a “covered entity” under HIPAA, was found non-compliant with the Privacy Rule regarding a patient’s right to access medical records. In April 2019, a patient requested electronic copies of her and her children’s health records, which Gums Dental failed to provide. Following several follow-up requests and complaints to the Office for Civil Rights (OCR), Gums Dental did not produce the records, violating HIPAA’s 30-day timeline for access.

The OCR, the branch of CMS that enforces HIPAA rules, provided technical assistance and issued reminders, but Gums Dental continued to deny the requests, citing a flat fee of $25 for mailing the records and suspicions of potential insurance fraud as justification. The OCR noted that the Privacy Rule does not permit denial of access based on assumptions of intent or demand for non-applicable fees. Despite further requests and investigation reminders from the OCR, Gums Dental did not provide the records or demonstrate any mitigating factors.

The OCR determined that Gums Dental violated HIPAA by failing to provide patient access to medical records, despite lawful requests and repeated guidance from OCR. The violation, categorized as “willful neglect, uncorrected,” occurred from August 26, 2019, through March 29, 2022. The OCR considered several factors when determining the Civil Monetary Penalty (CMP) for Gums Dental's HIPAA violation, including:

  1. Nature and Extent of Harm: The Complainant’s family was denied dental services by Gums Dental, reportedly as retaliation for the complaint filed with OCR, and could not access insurance reimbursement due to lack of records.
  2. Nature and Extent of Violation: Gums Dental ignored repeated requests to provide the Complainant’s records and failed to act on OCR’s technical assistance and data requests, resulting in an ongoing two-year-plus violation.
  3. Compliance History: Gums Dental previously disregarded OCR’s guidance and data requests but has no other recorded compliance issues.
  4. Financial Condition: OCR acknowledged Gums Dental’s status as a solo provider, though it lacked detailed financial information due to Gums Dental’s noncooperation.

Given the ongoing nature of the violation and the impact on the Complainant’s access to care, OCR assessed a daily penalty of $63,973 for willful neglect. However, considering the financial implications on Gums Dental as a solo practice, OCR exercised discretion to reduce the penalty to $70,000, factoring in potential challenges from the COVID-19 pandemic.

If you are not insured with DentistCare, A ProAssurance Program, feel free to complete this form to find out more about our coverage and get a quote!

Article provided by: TLD Systems 

Source: Gums Dental Care, LLC Notice of Proposed Determination | HHS.gov

Disclaimer: The information contained on the DentistCare Blog does not establish a standard of care, nor does it constitute legal advice. The information is for general informational purposes only. We encourage all blog visitors to consult with their personal attorneys for legal advice, as specific legal requirements may vary from state to state. Links or references to organizations, websites, or other information is for reference use only and do not constitute the rendering of legal, financial, or other professional advice or recommendations. All information contained on the blog is subject to change.