Christopher A. Parrella, Esq., CPC, CPCO, CHC
Parrella Health Law, Boston, Ma.

Date: January 4, 2024

Introduction:

The recent settlement between Optum Medical Care and the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) serves as a critical reminder for healthcare providers about the importance of complying with HIPAA’s Right of Access provision. This case, marking the 46th enforcement action under OCR’s Right of Access Initiative, highlights the potential legal and financial repercussions of non-compliance.

Background of the Case:

On December 15, 2023, HHS’ OCR announced a significant settlement with Optum Medical Care, a multi-specialty physician group operating in New Jersey and Southern Connecticut. The settlement addressed multiple complaints alleging that Optum violated HIPAA’s Privacy Rule’s Right of Access provision, which mandates timely access to patients’ health information.

Investigation Findings:

OCR’s investigation, initiated in response to six complaints filed in Fall 2021, revealed that Optum Medical Care delayed providing patients and their representatives access to medical records. Some patients waited between 84 and 231 days post-request, significantly breaching the HIPAA stipulation of 30 calendar days.

Settlement and Corrective Action:

Optum Medical Care agreed to a $160,000 settlement and the implementation of a comprehensive corrective action plan. This plan includes workforce training, meticulous reporting of records requests to OCR, and revisions to policies and procedures to ensure prompt response to access requests. OCR will monitor Optum’s compliance for one year.

Key Takeaways for Healthcare Providers:

Timeliness is Paramount: The OCR emphasizes timely responses to medical records requests. Providers must ensure they meet the 30-day timeframe stipulated by HIPAA.

Comprehensive Compliance Programs: Healthcare entities should establish robust compliance programs that include training, policy development, and periodic reviews to prevent similar violations.

Proactive Approach to Patient Rights: Providers should not only respond to requests but also actively facilitate patient access to health information.

Monitoring and Reporting: Regularly monitor compliance and be prepared to report to oversight bodies like OCR.

Conclusion:

The Optum Medical Care case underscores the significance of adhering to HIPAA regulations, particularly the Right of Access provision. As healthcare defense and compliance attorneys, Parrella Health Law stresses the importance of maintaining rigorous compliance protocols to avoid legal pitfalls and enhance patient care.

Christopher Parrella, ESQ, CPC, CHC, CPCO, is the founding partner of Parrella Health Law in Boston, Mass. The firm focuses exclusively on healthcare defense and compliance matters. Chris also travels the country on behalf of a wide range of healthcare organizations, lecturing on a variety of health care enforcement and compliance topics. Chris is one of a handful of health care attorney’s that are also Certified Professional Coders (CPC) and is a member of the AAPC’s National Legal Advisory Board and Ethics Committee.  He is also a Certified Professional Compliance Officer (CPCO) and Certified in Health Care Compliance (CHC.)