St. Croix Regional Medical Center will pay $225,000 to resolve claims that it charged excessive fees for medical record requests in violation of Wisconsin laws.

The settlement amount will go to patients and other authorized individuals who requested healthcare records and "directly or indirectly paid a request, basic, retrieval, certification or other fee since Nov. 20, 2013."

Under the terms of the settlement, class members can receive up to one-and-a-half times the amount they paid for medical records.

The final approval hearing is scheduled for January 31, 2025. "$225K Saint Croix Regional Medical Center data breach class action settlement" topclassactions.com (Sep. 06, 2024).

Commentary

Excessive fees have led to other class actions. For example, Verisma Systems agreed to pay a $4.9 million settlement to resolve claims it charged excessive fees for medical records. "Class Action Rebates | June 2024" topclassactions.com. 

Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), a covered entity can either charge a flat fee of no more than $6.50 for all requests for electronic copies of Personal Health Information (PHI), or they can calculate the allowable fees for providing copies of PHI.

To calculate fees, covered entities can either calculate the actual allowable costs to fulfill each request or use "a schedule of costs based on average allowable labor costs to fulfill standard requests."

Labor and certain other costs are not permitted to be charged to individuals under HIPAA, even when doing so is authorized under state law. "Individuals' Right under HIPAA to Access their Health Information 45 CFR §164.524" www.hhs.gov. (Jan. 05, 2024).