• Patient Privacy Rights

  • Many articles have been written about the effects of patient privacy rights under the Health Insurance Portability and Accountability Act of 1996, (HIPAA) and the social media platforms, such as Facebook, Twitter, and Instagram.

    The need has never been greater for organizations to have reasonable and appropriate written policies and workforce training in place to safe guard Protected Health Information (PHI). By incorporating HIPAA’s specific requirements such as the Employee Sanction Policy (164.308 (C)), it could be the difference between a judgement for or against your organization.

    In 2013, an employee of University of Cincinnati Medical Center, (UCMC) posted on Facebook, an image of a pregnant woman’s medical records, which revealed she had maternal syphilis, prompting the patient to sue the hospital and the employee, who was fired after making the post.

    Recently, The Hamilton County Common Pleas Court Judge Jody Luebbers ruled that UCMC was not liable for the privacy violation because the employee, who worked in the hospital’s financial services department went outside the scope of her employment in accessing the information and that the hospital should be dropped from the suit. “UCMC had a policy. It was violated,” Luebbers said. “It’s tragic…but that’s just how I see it.”

    HIPAA’s Information Security Management standard (164.308(a)(4)) outlines the addressable safeguards for organizations to put into place for the protection of patients PHI from being viewed by workforce members not authorized do to so.

    Breaches due to employees using social media are becoming quite extensive. Often in my HIPPA training classes, I share the story about the UCLA doctor who was fined, fired and received four months in prison for accessing the charts of two celebrities he was not treating, violating the very fundamentals of HIPAA’s privacy and security controls.   

    Don’t be the next organization in the news.

    On a personal note, I am very grateful for allowing me to be a part of your lives through my blogs. I’ve met some wonderful people because of them, and I feel there are important memories that are tied to them. I am grateful for the gift of each of you, as if you are reading this, you are alive, and that is a gift. Thank you for allowing me to be a part of your world.

    Here’s wishing you the gift of peace and prosperity throughout 2016.

    Judith Lindsay, CEO of JAL Consult tackles all the elements of HIPAA compliance puzzle. Successfully assisting organizations to make sense of it all by implementing the correct policies and procedures that are reasonable and appropriate for their entity. Judith provides consulting, training and is available for speaking engagements. To read more about the world of compliance subscribed to JAL’s insightful newsletter at www.jalconsultantsaz.com OR follow JAL on Twitter @ judithconsult