First Ever HIPAA Fine Is $4.3M

Trailrunner7 writes "The health care industry's toothless tiger finally bared its teeth, as the US Department of Health and Human Services issued a $4.3M fine to a Maryland health care provider for violations of the HIPAA Privacy Rule. The action is the first monetary fine issued since the Act was passed in 1996. The US Department of Health and Human Services (HHS) issued a Notice of Final Determination to Cignet Health care of Temple Hills, Maryland on February 4. The notice followed a finding by HHS's Office of Civil Rights that Cignet failed to provide 41 patients with copies of their medical records and for failing to respond to requests from HHS's Office of Civil Rights for information related to the complaints."

More to come?

[idiot900]

I'm a med student who has worked in several hospitals, and have yet to see one where HIPAA is rigorously followed. Directives by management are common, but when HIPAA impedes patient care (it's a hassle and timekiller to comply completely), it is always worked around. Doctors by and large, in my experience, toss HIPAA aside the first time they have to decide what to do with their limited time - adhere to every last rule or take care of a patient.

I'm really surprised it's taken this long for a fine to come about.

Re:More to come?

[Velex]

Ah, a med student. How quaint.

One of my former co-workers once got into an argument with her provider's office about a policy change of theirs. It just so happened that office was also a client of my employer's (answering service). So, the office took it upon themselves to put two-and-two together, and they managed to have her fired. Yes, fired because she had an argument off-the-clock in a situation where she was supposed to be the customer.

I think it's good that HIPAA is being enforced. If you med types want to arrogantly view yourselves as gods or even scientists because you know a little biology, you could at least use a bit of ethics in your daily lives. Dicking around with confidential information and using it for your own amusement/revenge is not ethical.

Re:More to come?

[chowdahhead]

HIPPA violations are usually identified either by patient complaints to the state department of health or a Joint Commission survey. Of course they happen routinely (daily, in my experience) but only violations that are reported are actionable. And, in those cases, the concern has been correcting the deficiency, not punishing the mistake. In this particular case, Cignet Health Care ignored repeated requests for information and only under a court order did they release the records. This isn't a slip-up, it's gross negligence:

When the health care provider was ordered by a court to respond to the requests, it disgorged not just the patient records in question, but 59 boxes of original medical records to the U.S. Department of Justice, which included the records of 11 individuals listed in the Office of Civil Rights Subpoena, 30 other individuals who had complained about not receiving their medical records from Cignet, as well as records for 4,500 other individuals whose information was not requested by OCR.

Re:More to come?

[debrain]

If you med types want to arrogantly view yourselves as gods or even scientists because you know a little biology,

There isn't even much in the way of actual science or biology. For example, the well reputed author of Lies, Damned Lies, and Medical Science claims that "as much as 90 percent of the published medical information that doctors rely on is flawed".

Re:Dentists...

Sounds like exactly what this lawsuit was about. Not giving patients their records.

Re:Dentists...

[Vrallis]

Yeah, and I never looked into HIPAA enough to realize until now that it included protecting the patient's right to access, not just privacy. Good ammo for my next visit.