The Office for Civil Rights (OCR) issued a press release on November 12, 2020, announcing that it had settled its eleventh enforcement action in its HIPAA Right-of-Access Initiative. The settlement with Dr. Rajendra Bhayani, an otolaryngologist (ENT) practicing in Regal Park, New York, included a payment of $15,000, a corrective action plan and two years of monitoring by the OCR.

The facts behind the case are these: In September 2018, the OCR received a complaint from a patient alleging that Dr. Bhayani failed to provide her with access to her medical records after she requested them in July 2018. Following the complaint, the OCR provided technical assistance to Dr. Bhayani regarding compliance with the right-of-access requirements and closed the case. Similar to other recent settlements with the OCR, the patient lodged a second complaint, alleging that Dr. Bhayani still had not provided her with access to her records, and as a result of re-opening the file, the OCR “determined that Dr. Bhayani’s failure to provide the requested medical records was a potential violation of the HIPAA right of access standard.” Following the investigation, the patient received a copy of her medical records in September 2020.

According to OCR Director Roger Severino, “Doctor’s offices, large and small, must provide patients their medical records in a timely fashion. We will continue to prioritize HIPAA Right of Access cases for enforcement until providers get the message.”

Providers, the message is clear: carefully follow HIPAA’s right-of-access requirements.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.