Listen to the Help Me With HIPAA podcast episode “Does HIPAA guarantee access? – Ep 397” to hear Donna and David discuss who actually is and isn’t guaranteed access to patient records. Also, hear how OCR is going to tackle the backlog of complaints. Donna and David give you some great advice to help you be prepared for when OCR comes knocking on your door.
The backlog of healthcare investigations has been an issue for OCR for some time, with investigations often taking years to complete. OCR has faced pressure to improve its enforcement efforts, particularly with the increasing number of cybersecurity breaches in the healthcare industry. To combat the overwhelming number of complaints, OCR plans to reorganize and create a dedicated division to investigate HIPAA complaints, with a particular focus on cybersecurity breaches. The division will be staffed with individuals with expertise in cybersecurity, allowing OCR to more effectively investigate and respond to cybersecurity incidents in healthcare. In addition, OCR plans to create three new divisions focused on policy, strategic planning, and enforcement. The policy division will provide guidance and recommendations on best practices for healthcare providers to protect patient privacy and security. The strategic planning division will help OCR identify areas for improvement and new initiatives to promote healthcare data privacy and security. The enforcement division will be responsible for taking action against healthcare providers who violate federal laws related to patient privacy and security. This includes imposing fines and penalties on organizations found to be in violation of HIPAA regulations. Overall, the reorganization plan is intended to help OCR better address the growing number of complaints related to healthcare data privacy and security, reduce the backlog of investigations, and improve enforcement efforts to better protect individuals’ privacy and security in healthcare.
Donna and David also make it very clear in “Does HIPAA guarantee access? – Ep 397” that HIPAA does not guarantee all family members with a “blood” relationship access to a patient’s medical information. HIPAA only guarantees the patient’s right to privacy and access to their own records. The lack of legal documentation, such as a power of attorney, means that hospitals can only follow their internal policies. Family issues and personal relationships are not the responsibility of healthcare providers, and providers must rely on their internal policies and professional judgment. In situations where there is no legal standing or court order, providers must deal with the primary caretaker or personal representative, which is typically the person who has been designated in legal documentation. It is important for patients to make it clear to their providers who their personal representatives are and to have proper documentation in place. OCR has published this guide to help explain this: Sharing Health Information with Family Members and Friends.