Slashdot Mirror
First Ever HIPAA Fine Is $4.3M
Trailrunner7 writes "The health care industry's toothless tiger finally bared its teeth, as the US Department of Health and Human Services issued a $4.3M fine to a Maryland health care provider for violations of the HIPAA Privacy Rule. The action is the first monetary fine issued since the Act was passed in 1996. The US Department of Health and Human Services (HHS) issued a Notice of Final Determination to Cignet Health care of Temple Hills, Maryland on February 4. The notice followed a finding by HHS's Office of Civil Rights that Cignet failed to provide 41 patients with copies of their medical records and for failing to respond to requests from HHS's Office of Civil Rights for information related to the complaints."
Ah, a med student. How quaint.
One of my former co-workers once got into an argument with her provider's office about a policy change of theirs. It just so happened that office was also a client of my employer's (answering service). So, the office took it upon themselves to put two-and-two together, and they managed to have her fired. Yes, fired because she had an argument off-the-clock in a situation where she was supposed to be the customer.
I think it's good that HIPAA is being enforced. If you med types want to arrogantly view yourselves as gods or even scientists because you know a little biology, you could at least use a bit of ethics in your daily lives. Dicking around with confidential information and using it for your own amusement/revenge is not ethical.
Join the Slashcott! Stay away entirely Feb 10 thru Feb 17! Close all tabs to prevent autorefresh!
HIPPA violations are usually identified either by patient complaints to the state department of health or a Joint Commission survey. Of course they happen routinely (daily, in my experience) but only violations that are reported are actionable. And, in those cases, the concern has been correcting the deficiency, not punishing the mistake. In this particular case, Cignet Health Care ignored repeated requests for information and only under a court order did they release the records. This isn't a slip-up, it's gross negligence:
When the health care provider was ordered by a court to respond to the requests, it disgorged not just the patient records in question, but 59 boxes of original medical records to the U.S. Department of Justice, which included the records of 11 individuals listed in the Office of Civil Rights Subpoena, 30 other individuals who had complained about not receiving their medical records from Cignet, as well as records for 4,500 other individuals whose information was not requested by OCR.