Get Live Chat Request a Callback Get live demo

← Back

Solo Dental Practice hit with $70,000 Penalty for violation of the HIPAA Right of Access Rule

Public Policy

Disclaimer: This blog article was written by an AdvancedMD partner. The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of AdvancedMD.

Gums Dental, a solo dental practice and a “covered entity” under HIPAA, was found non-compliant with the Privacy Rule regarding a patient’s right to access medical records. In April 2019, a patient requested electronic copies of her and her children’s health records, which Gums Dental failed to provide. Following several follow-up requests and complaints to the Office for Civil Rights (OCR), Gums Dental did not produce the records, violating HIPAA’s 30-day timeline for access.

The Office for Civil Rights (OCR), the branch of CMS that enforces HIPAA rules, provided technical assistance and issued reminders but Gums Dental continued to deny the requests. Gums Dental cited a flat fee of $25 for mailing the records and suspicions of potential insurance fraud as justification. OCR noted that the Privacy Rule does not permit denial of access based on assumptions of intent or demand for non-applicable fees. Despite further requests and investigation reminders from OCR, Gums Dental did not provide the records or demonstrate any mitigating factors.

OCR determined Gums Dental violated HIPAA by failing to provide patient access to medical records, despite lawful requests and repeated guidance from OCR. The violation, categorized as “willful neglect, uncorrected,” occurred from August 26, 2019 through March 29, 2022.

OCR considered several factors when determining the Civil Monetary Penalty (CMP) for Gums Dental’s HIPAA violation, including:

  1. Nature and Extent of Harm: The Complainant’s family was denied dental services by Gums Dental, reportedly as retaliation for the complaint filed with OCR, and could not access insurance reimbursement due to lack of records.
  2. Nature and Extent of Violation: Gums Dental ignored repeated requests to provide the Complainant’s records and failed to act on OCR’s technical assistance and data requests, resulting in an ongoing two-year-plus violation.
  3. Compliance History: Gums Dental previously disregarded OCR’s guidance and data requests but has no other recorded compliance issues.
  4. Financial Condition: OCR acknowledged Gums Dental’s status as a solo provider, though it lacked detailed financial information due to Gums Dental’s non-cooperation.

Given the ongoing nature of the violation and the impact on the Complainant’s access to care, OCR assessed a daily penalty of $63,973 for willful neglect. However, considering the financial implications on Gums Dental as a solo practice, OCR exercised discretion to reduce the penalty to $70,000, factoring in potential challenges from the COVID-19 pandemic.

Source Gums Dental Care, LLC Notice of Proposed Determination | HHS.gov

The HIPAA right of access rule is just one of the many rules small practices must be compliant with.   TLD Systems can assist your practice in setting up polices and procedures to keep you on track and compliant with the various rules and regulations.   For more information on how TLD Systems can assist your practice contact TLD Systems at

https://www.tldsystems.com
phone: (631) 403 6687
email:  [email protected]


Avatar photo
Michael Brody, DPM
Dr. Brody has been actively involved in computers and medicine since the 1980s. He is a Residency Director at a VA hospital located in Long Island, NY. Notably, he was present as the VA moved from paper records to computerized records. During this time, he was exposed to the stringent rules and regulations that government employees must adhere to when protecting patient information. He co-founded TLD Systems with Warren Melnick. They wanted to create a platform for private practice doctors that provides a cost-effective method of implementing HIPAA compliance in their practices. He has served on the Health Information Technology Standards Panel (HITSP), the Standards and Interoperability Framework (S&I), as a member of the Ambulatory Care Committee at the Certification Commission on Health Information Technology (CCHIT), and numerous other organizations. He is currently a member of the Physicians Committee at the Healthcare Information and Management Systems Society (HIMSS) and a co-chair of the EHR workgroup at Health Level Seven International (HL7). He co-founded TLD Systems with Warren Melnick to create a platform that doctors who wish to work in private practice have a cost-effective method of implementing HIPAA compliance in their practices in a manner that does not interfere with their ability to practice medicine. He has served on the Health Information Technology Standards Panel (HITSP), the Standards and Interoperability Framework (S&I), as a member of the Ambulatory Care Committee at the Certification Commission on Health Information Technology (CCHIT), and numerous other organizations. He is currently a member of the Physicians Committee at the Healthcare Information and Management Systems Society (HIMSS) and a co-Chair of the EHR workgroup at Health Level Seven International (HL7)
Topic: MACRA/MIPS, Public Policy



Other Resources Related to This Topic

MACRA/MIPS

Promoting Interoperability 2025 Guide

Use this step-by-step guide in conjunction with the AdvancedMD Help Files or the MIPS Promoting...

Read Now ›

MACRA/MIPS

MIPS Value Pathways (MVP) 2025 Highlights

Each MVP includes measures and activities from the quality performance category, improvement activities performance category,...

Read Now ›

MACRA/MIPS

Traditional MIPS Highlights 2025

2025 updates for Traditional MIPS Highlights.

Read Now ›