OCR stepping up HIPAA privacy, security enforcement
Criminal Penalties
• When an individual or covered entity knowingly violates HIPAA and discloses a patient's private health information, they can face up to $50,000 in fines and up to one year in prison.
• When the offense is committed under false pretenses, the penalties are higher. Up to $100,000 in fines can be assessed, and violators can spend up to five years in prison.
Privacy violation: Patient records improperly disposed of
• Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case
• CVS to pay $2.25 million to settle HIPAA violation
Where did the data end up: In a public dump
What information was revealed: Names, addresses, dates of birth, Social Security numbers, insurance information (including policy numbers), patient identification numbers, as well as protected health information such as diagnoses relating to pathology tests
Privacy violation: Patient information faxed to a business
Where did the data end up: An auto shop
What information was revealed: Six patients' names, dates of birth, and details about the visits
What makes this case special: Unlike so many other examples, this breach of patient confidentiality was accidental. A test fax should have been sent first.
Privacy violation: The selling of patient information
Where did the data end up: A recycling center
What information was revealed: Names of patients, as well as their addresses, phone numbers and medical record numbers, all on printouts
Who was responsible: Hospital janitor Robert Sanders
What makes this case special: Sanders sold 30,000 patient record printouts for $40
Privacy violation: Patient information reproduced, posted publicly
Who was responsible: Five nurses
What makes this case special: While no patient names, photographs or identifying information appear to have been used, according to the hospital, management insisted on pursuing termination hearings for the employees involved.
Where did the data end up:
Privacy violation: Personal discussions involving patients
Where did the data end up: Facebook and in cell phone photos
What went down: Pictures were taken of an X-ray
Who was involved: Two nurses employed by Mercy Walworth
Response: The nurses were fired.
Instead of treating a 60-year-old stabbing victim after his initial arrival at St. Mary Medical Center's ER, nurses and other staff took photos of the man and posted them on Facebook, the Los Angeles Times reports.
“Oakwood Hospital Employee Fired for Facebook Posting”
“Nurses' jobs at risk for allegedly posting patient info on Facebook”
“Hospital worker fired over Facebook comments”
“Single tweet by hospital employee to Mississippi governor violates HIPAA and gets her fired”
“Nurses Fired Over Cell Phone Photos Of Patient”
Captured on Facebook, the food-fighting nurses at hospital where 1,200 died.