June 21, 2006

Examples of HIPAA Privacy Violations - More HIPAA Lawsuits Coming?

Written by: administrator
Filed under: add to del.icio.us

        

I found a website that listed a number of Privacy Violations. The page is quite outdated since it’s latest case was in 2002, but I thought that many of the examples could just as easily apply today. In fact, with computers it makes many of the cases much easier to accomplish and easier to track misdoing. Does that mean we are going to have more HIPAA lawsuits coming? I think it’s only just a matter of time.

Does EMR affect this? Probably not directly, but indirectly many of these cases could be related to your use of an EMR system.

Here’s 2 examples that I found quite interesting from the HIPAA privacy violations article:

# A psychiatrist from New Hampshire was fined $1,000 for repeatedly looking at the medical records of an acquaintance without permission. Because there was no state law making it a crime to breach the confidentiality of medical records, the case was brought under a law against misusing a computer. (”Psychiatrist Convicted of Snooping in Records,” The Associated Press State & Local Wire, May 5, 1999)

# A jury in Waukesha, Wisconsin, found that an emergency medical technician (EMT) invaded the privacy of an overdose patient when she told the patient’s co-worker about the overdose. The co-worker then told nurses at West Allis Memorial Hospital, where both she and the patient were nurses. The EMT claimed that she called the patient’s co-worker out of concern for the patient. The jury, however, found that regardless of her intentions, the EMT had no right to disclose confidential and sensitive medical information, and directed the EMT and her employer to pay $3,000 for the invasion of privacy. (L. Sink, “Jurors Decide Patient Privacy Was Invaded,” Milwaukee Journal Sentinel, May 9, 2002)

My biggest comfort with HIPAA is that it doesn’t seem like they are really out headhunting. If you are an honest person who makes a bad choice then HIPAA is kinder to you then those that blatantly misuse the information. However, in our sue happy world that might be changing.

Related Articles
  • Privacy as a Right?
  • Two HIPAA Decisions
  • HIPAA Guidelines
  • EMR and HIPAA Blog
  • 60,000 EMR and HIPAA Visitors and Counting - A Statistical Review of EMR and HIPAA

    • Related posts brought to you by Yet Another Related Posts Plugin.

    • Look for similar articles under these categories: 

    13 responses to "Examples of HIPAA Privacy Violations - More HIPAA Lawsuits Coming?"

    1. # oksana commented on September 7th, 2006:

      i think and its only my opinion that hipaa is a great idea because this way people will know that the info about they is safe

    2. # Jay commented on March 3rd, 2007:

      Question if a doctor sends your account to a collection and they post this on your credit report is this in violation to the law?

    3. # maria commented on October 13th, 2007:

      I requested my EOB from my primary medical group insurance so I can submit to my secondary insurance so they can pay for my medical services ,and when I recieved it , I did not just recieve my information for the services I had done , there was also information with names and services done to other patients along with my information, is this a hippa violoation?

    4. # fac_p commented on October 21st, 2007:

      As to the #3 comment from Maria, YES, it was a violation. If you have ever received a mis-directed fax in which patient information is listed, that is a violation of HIPAA as well. Providers have a responsibility to verify current phone and fax numbers before giving out information, especially when faxing medical records. The disclaimer that is routinely included does not mean that the fax meets HIPAA requirements for records transmittal.

      The record Maria received should have been redacted.

      I really think that the possibility of misuse and abuse of the emerging EMR technologies is going to be a nightmare of HIPAA violations. Whether or not they are prosecuted remains in the hands of HHS.

    5. # lisa commented on December 3rd, 2007:

      I was at an Emergency Room and was treated with very little regard. I then complained to the director of er and was told that she had showed my chart to the nurses involved to get their thoughts. Is this not a Hipaa Violation, couldn’t this have been handled with the nurses seeing the chart without the name. They knew what they had done.

    6. # EMR and HIPAA commented on December 3rd, 2007:

      lisa,
      I’m not a lawyer and so I can’t give legal advice. I’d suggest consulting an attorney to get an official answer. I think it also depends on the state too.

      However, to me it seems like poor business practice more than a HIPAA violation. The nurses had already seen your name and the information and so it wasn’t exposing them to anything new. They have all signed HIPAA privacy agreements and you could pretty easily argue that they needed to see the information to know how to answer the director’s question.

      Does sound like a poor business practice though. From the little information given, it sounds like the director could have done a better job.

    7. # Candace commented on January 7th, 2008:

      LISA - Not only is this not a violation of HIPAA, it would in fact be a normal business practice. When the Director goes to talk to the involved staff about a concern raised by a patient, the staff are not going to be able to respond unless they remember who the patient was and the circumstances of the visit. Given the busy-ness of a typical ER, you may have been just one of hundreds of people seen that week.

    8. # Jennifer commented on February 28th, 2008:

      I requested copies of my hipaa releases because I was suspicious about a therapist our family was using, and her unethical behaviors during our treatment with her. I do have a complant pending at the DOH for other matters regarding her. Anyhow, In reviewing the Hipaa releases, I noticed one was “signed” by me on 3/14/05, with entities names written in, in different handwriting, different pen, names of people we had not even met yet. They were people from my daughters high school. On 3/24/05 she was not even in high school yet. She was 13 in the 8th grade on that date. Further more, we did not even begin family therapy until 11/25/05 with this therapist. She altered an authorization after I had signed it, on an old release I had signed for the same facility some months before treatment began with her. What do I do about this? She discussed our therapy wth the school without a valid authorization, and it has caused significant damage, and psychological distress and anxiety. It has gotten so that I cannot even show my face at my child’s high school. I am so embarassed by this.

    9. # EMR and HIPAA commented on February 29th, 2008:

      Jennifer,
      Since I’m not a lawyer I really can’t give you legal advice. Plus, even if I was a lawyer, I probably wouldn’t give you legal advice over the internet. However, knowing the types of securities we place on our patient’s information and disclosure it sounds like you have a case worth talking to a lawyer about. Maybe an interested lawyer will see your comment and I’ll put them in touch with you if they express interest.

      Best of luck. It’s unfortunate when private information is shared.

    10. # Arcy commented on November 5th, 2008:

      Hello,

      My employer had a medical release by me with specific dates of release 10/23/08-10/31/08. My employer advised me that they left a message for my doctor on 10/30/08, and spoke to my doctor about my condition on 11/4/08. I need clarification if this is a violation of HIPPA, since my doctor and employer spoke after the dates outline in my medical release, or is it within HIPPA regulations because my employer initiated the phone call prior to the expiration date. Also, why would my employer wait til almost the last minute to phone my doctor when they had the release for 7 days. Thoughts?

    11. # EMR and HIPAA commented on November 6th, 2008:

      Arcy,
      You’ll have to consult a lawyer for a specific answer to your question. Some of those details are dependent on state laws and things. Plus, I’d be hesitant to offer any sort of legal advice online like this. Especially since I’m not a lawyer and I can’t offer legal advice.

    12. # Tim commented on November 17th, 2008:

      I have a question. I requested my records from a state hospital (NY). I was told that to VIEW the records there was a $25 per hour fee. I told them that the HIPAA guidelines forbid charging a “viewing fee” and was told that state law trumps the HIPAA policy. I cant get anywhere, any suggestions?

    13. # EMR and HIPAA commented on November 17th, 2008:

      Tim,
      Of course, I’ll put out the mandatory disclaimer that I’m not a lawyer and I know nothing about NY. Talk to a real lawyer for legal advice.

      I can tell you that we’ve had to deal with one issue in our clinic where the state law was different and more specific than HIPAA. So, our lawyers advised us to go with the stricter of the 2 laws which was our state law. I guess that might mean that it could be the same in NY.

      Crappy part is that consulting a lawyer on the subject will cost you more than just paying the viewing fee.

      Best of luck. I’m sorry that I’m not more help. My expertise is more with technology and implementing technical components according to HIPAA standards.

    Leave a Reply
    Commenting policy: Some comments run the risk of being deleted. These include comments that are spam or cannot be understood or are rude.
    You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
    Top - Home
    EMR and HIPAA Sponsor

    Medical Web Experts - Website Design for Doctors