HIPAA regulates the use, transfer and disclosure of patients’ healthcare information. In spite of the heavy penalties associated with non-compliance and HIPAA violations, sensitive patient information often end up in the wrong hands. This causes considerable distress to the patient involved apart from making him/her lose trust in the physicians and their staff.
Improper disclosure of healthcare records, releasing the wrong patient’s information, and releasing the information to an undesignated party are among the many HIPAA violations. It is quite disturbing that these breaches continue to occur, putting the patients at great risk of medical identity theft and other vulnerabilities.
CBSDFW.COM recently reported the alarming case of confidential medical records being used as copier paper. The patient who visited the gastroenterology practice in question was too unwell to notice the paperwork she was given until later. On examining the papers she found that they contained another patient’s personal, private information including age, DOB, home address, telephone number, weight, email ID, diagnosis and so on. It is assumed that this particular doctor’s office did not discard paperwork in the shredder and instead used it as copier paper. A staffer who was alerted to this issue seemed uncaring of the fact that another patient’s information was on the other side of the paper.
This practice of medical information finding their way into the wrong hands is not limited to the U.S. alone. Abc.net.au reported the case of sensitive notes of three patients at a hospital in Australia found along with the records of a deceased patient. What is hard to believe is that hospitals are discarding medical files so callously. The person who found the records of three strangers along with his deceased mother’s medical notes is demanding an enquiry to find out what went wrong, where it went wrong and how the incident happened. The hospital concerned is also investigating the issue to ensure it doesn’t occur again.
In the United States, under HIPAA Law Section 1177, “Wrongful Disclosure of Individually Identifiable Health Information,” the U.S. Department of Labor can impose fines beginning at $50,000 and/or up to a year in jail, all the way up to a fine of $250,000 and/or up to ten years in jail for an individual. Under HIPAA rules, an “individual” can be a medical entity, institution, or an executive of either. HIPAA applies to health plan organizations, healthcare clearing houses, healthcare providers, and business associates.
When releasing patient records for purposes such as review in medical litigation, physicians have to be extremely careful that they are handing them to an authorized party. Then there is the issue of sharing patient information in this era of electronic medical records and care co-ordination across diverse healthcare facilities. Confidentiality has to be maintained at all costs, ensuring that the systems are secured against all hitches and vulnerabilities.