HIPAA Violations

Jul 12, 2024 | Clinical, Privacy and Security, Regulatory

by Elizabeth E. Hogue, Esq.

Mom Needs More Fiber?

Imagine that a celebrity receives care where you work and curiosity gets the better of you, or someone you know is admitted and you would love to know the details. It’s oh so very tempting! So, you access records of care provided to patients that you have no legitimate need to view. The HIPAA police are on it! Because let’s not forget that the HIPAA Privacy Rule is a criminal statute.

An emergency room physician, for example, pled guilty to illegally obtaining the personal health information of multiple individuals. He was convicted of one count of wrongfully obtaining individually identifiable health information under false pretenses. The physician received a resident physician license and participated in an emergency medicine residency program at a university hospital. He worked in the emergency room of two hospitals in the university system.

The doctor used his access as a resident physician to the hospitals’ electronic health record to access the records of two patients without their knowledge or consent. He was never the patients’ physician. The patients were not receiving care in the emergency rooms where the doctor worked at the time he accessed the records.

HIPAA Violations Oops

The doctor also admitted that he sent a photograph to someone else of one of the patients wearing a hospital gown in which the patient’s rectum was hanging out of the patient’s body. And now for the “best” part: the doctor also admitted that he falsely wrote in a letter that he sent the picture of the patient with a prolapsed rectum to his mother to remind her of the importance of fiber intake! 

Do you remember the comedian, Flip Wilson, who repeatedly claimed that the devil made him do it? When it comes to accessing patients’ medical records in violation of HIPAA, you must “put the devil behind you!” Protecting patients’ private health information is serious business – serious criminal business. Be vigilant! 

By the same token, providers must also always remember that the HIPAA Privacy Rule isn’t just about protecting health information; it’s also about giving appropriate access to it. In the zeal to protect information, it anecdotally seems that practitioners have lost sight of the fact that access to information is at least as important as protection of information. In fact, the Office for Civil Rights, the federal enforcer of HIPAA violations, has focused on denial of access in enforcement actions for the past several years. 

Remember that, however tempting the information you would like to have may be, temptation pales in comparison to jail time!

# # #

Elizabeth E. Hogue, Esq.
Elizabeth E. Hogue, Esq.

Elizabeth Hogue is an attorney in private practice with extensive experience in health care. She represents clients across the U.S., including professional associations, managed care providers, hospitals, long-term care facilities, home health agencies, durable medical equipment companies, and hospices.

©2024 Elizabeth E. Hogue, Esq. All rights reserved.

No portion of this material may be reproduced in any form without the advance written permission of the author.