UnitedHealthcare Pays Settlement for HIPAA violation over Patient Medical Records Request

UnitedHealthcare Settles for $80,000

Join our newsletter:

UnitedHealthcare Insurance Company (UHIC), a major health insurer in the United States, has reached a settlement with the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) regarding a potential violation of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule's right of access provision. Under this rule, patients have the right to access their health information in a timely manner.

This settlement, which marks the 45th case of its kind to be resolved through voluntary agreement, requires UHIC to implement a corrective action plan and pay $80,000. The OCR's Director, Melanie Fontes Rainer, emphasized the importance of timely access to health information, stating that the OCR will continue to enforce the right of access and hold accountable any covered entities that delay or deny access requests.

The investigation was initiated in March 2021 following a complaint from an individual who claimed that UHIC failed to respond to their request for a copy of their medical record. The individual had initially made the request on January 7, 2021, but did not receive the records until July 2021, well after the OCR began its investigation. This was the third complaint the OCR received from the same individual against UHIC regarding their right of access.In addition to the financial settlement, UHIC has agreed to a corrective action plan that includes OCR monitoring for one year.

The resolution agreement and corrective action plan can be accessed on the HHS website.The OCR's guidance on the HIPAA right of access is available on their website as well. The OCR remains committed to ensuring the protection of individuals' health information privacy and security under HIPAA. Individuals who believe their own or someone else's health information privacy or civil rights have been violated can file a complaint with the OCR through their online complaint portal.


Discover Our Cybersecurity Complaince Solutions:


NIST SP 800-171 & CMMC Compliance

Whether you need to meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements, help your clients meet them, or verify sub-contractor compliance we have the expertise and solution for you.

HIPAA Compliance

Whether you need to meet and maintain your HIPAA compliance requirements or help your clients meet them we have the expertise and solution for you.