The Office for Civil Rights (OCR) issued a press release on November 12, 2020, announcing that it had settled its eleventh enforcement action in its HIPAA Right-of-Access Initiative. The settlement with Dr. Rajendra Bhayani, an otolaryngologist (ENT) practicing in Regal Park, New York, included a payment of $15,000, a corrective action plan and two years of monitoring by the OCR.

The facts behind the case are these: In September 2018, the OCR received a complaint from a patient alleging that Dr. Bhayani failed to provide her with access to her medical records after she requested them in July 2018. Following the complaint, the OCR provided technical assistance to Dr. Bhayani regarding compliance with the right-of-access requirements and closed the case. Similar to other recent settlements with the OCR, the patient lodged a second complaint, alleging that Dr. Bhayani still had not provided her with access to her records, and as a result of re-opening the file, the OCR “determined that Dr. Bhayani’s failure to provide the requested medical records was a potential violation of the HIPAA right of access standard.” Following the investigation, the patient received a copy of her medical records in September 2020.

According to OCR Director Roger Severino, “Doctor’s offices, large and small, must provide patients their medical records in a timely fashion. We will continue to prioritize HIPAA Right of Access cases for enforcement until providers get the message.”

Providers, the message is clear: carefully follow HIPAA’s right-of-access requirements.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman is chair of the firm’s Data Privacy + Security Team. She is also an active member of firm’s Health Law Group, education practice, Environmental + Utilities Group, Insurance + Reinsurance Group, and Business Litigation Group. Her practice focuses on data privacy…

Linn Freedman is chair of the firm’s Data Privacy + Security Team. She is also an active member of firm’s Health Law Group, education practice, Environmental + Utilities Group, Insurance + Reinsurance Group, and Business Litigation Group. Her practice focuses on data privacy and security law, responses to data breaches, compliance with federal and state privacy and security laws, breach notification laws, and assisting clients with regulatory investigations.

Ms. Freedman is experienced in providing counsel to health care organizations, Regional Health Information Organizations, and privacy and security issues related to interoperability of electronic health records. She has litigated complex cases, including privacy cases, and class action data breach litigation in state, federal, and appellate courts, government investigations, and serves as general counsel of the Rhode Island Quality Institute. Read her full rc.com bio here.