HIPAA Violation: A Case Study


HIPAA Violation: A Case Study Sarah Ingersoll Clinical Instructor, Neurology, USC Consultant, PlanetHospital Treasurer, American Medical Informatics Assn

HIPAA Violation: A Case Study What Can a Patient Do? What Can a Patient Expect? Disclaimer: This case not related in any way to the university, company or professional organization with which the author is affiliated. It reflects only her personal experience.

Description Does a patient have any recourse when his privacy is compromised? What if an aggrieved patient follows up? What happens?

Why a Case Study? Take a look at the patient perspective; we are all potential patients. This is an old-fashioned, traditional case, involving loose-lipped staff. This is more than unauthorized peeking; this is intentional disclosure. I'll let the documents do the talking.

But First: Background. Privacy rule: To protect the right of consumers to control how their personal health information is used. Includes a clear avenue of recourse if medical privacy is compromised. Enforcement: Noncompliance can trigger civil monetary penalties. Criminal violators can be fined and imprisoned. The HHS Office for Civil Rights is responsible for civil violations.

Background Includes a clear avenue of recourse if medical privacy is compromised (http://www.hhs.gov/ocr)

Background Enforcement: Noncompliance can trigger civil monetary penalty. Criminal violators can be fined and imprisoned first-ever HHS Resolution Agreement Providence will not face a civil penalty July 18, 2008

Background Enforcement: Noncompliance can trigger civil monetary penalties. Criminal violators can be fined and imprisoned Although HHS has the authority to levy civil fines on medical service providers for privacy violations, it has yet to do so Of the 34,000 or so complaints received only about 9,000 have led to investigations LA Times, 4/09/08

Background Enforcement: Noncompliance can trigger civil monetary penalties. Criminal violators can be fined and imprisoned Jackson was indicted by a federal grand jury on a charge of obtaining individually identifiable health information for commercial advantage. LA Times, August 5, 2008

Case Study Background A Blue Cross nurse in the appeals department reviewed the appeal of an acquaintance (me) The nurse gossiped to her ex, a friend of the patient The ex wrote a sympathy note to the patient The patient complained to Blue Cross and provided iron-clad documentation

The Patient's Wishes May 12, 2005 Subject: operation successful You are the only people who know and Sarah wants to keep it that way.

The Smoking Gun

Response #1 to Complaint August 18, 2005 The quality of service provided to our members is of the utmost importance your information has been forwarded to our HIPAA compliance Sherri Goldin Lead Grievance Specialist Blue Cross of CA

Response #3 to Complaint October 26, 2005 you contend there was a HIPAA violation by x, in the Blue Cross Appeals Department. I have researched x's name on Blue Cross employee data base and was unable to locate her name I am unable to further research this matter. Bruce Peyton Legal Assistant Corporate Legal Dept

Response #4 to Complaint Blue Cross to CA DHHS June 13, 2006 Blue Cross originally responded to all of Ms. Ingersoll's quality of care and quality of service issues (including the HIPAA issue) Debbie Burgio Regulatory Management Blue Cross of CA

DHS Complaint Response #1 September 19, 2005 the concerns you raise have been submitted to the plan's HIPAA compliance officer for investigation, Diedre Rome Complaint Analyst HMO Help Center

DHS Complaint Response #2 July 26, 2006 Blue Cross informs the Department that your concerns were previously addressed in their letter to you lacking new information, we cannot undertake further review Donnett Scott, Supervisor Complaint Resolution Branch

OCR Response, p 1 May 29, 2007 On October 21, 2005 HHS received a complaint alleging a violation between April 26 and May 16, 2005 On February 21, 2007, OCR notified Wellpoint of the complaint Wellpoint informed OCR that the BCC employee had impermissibly disclosed

OCR Response page 2 May 29, 2007 (cont.) Wellpoint has furnished OCR with BCC's policies and procedures, which we are satisfied protect Wellpoint has apologized OCR is closing this complaint. Michael F. Kruley Regional Manager

The Apology May 3, 2007 my sincerest apologies that a Blue Cross associate disclosed some of your personal health information I apologize for the delay this matter was not taken lightly. Ron McGinnis Director of Regulatory Management

Postscript Where we have found non-compliance, we have been able to get systemic change that benefits all individuals, said Robinsue Frohboese, principal director of the office LA Times 4/09/08

Postscript Even after the med center [UCLA] said in early April that it was cracking down on unauthorized looks at celebrity medical records, [staff] took an inappropriate look The Wall Street Journal 8/05/08