HIPAA Violations
Clinicalby Elizabeth E. Hogue, Esq.
Mom Needs More Fiber?
An emergency room physician, for example, pled guilty to illegally obtaining the personal health information of multiple individuals. He was convicted of one count of wrongfully obtaining individually identifiable health information under false pretenses. The physician received a resident physician license and participated in an emergency medicine residency program at a university hospital. He worked in the emergency room of two hospitals in the university system.
The doctor used his access as a resident physician to the hospitals’ electronic health record to access the records of two patients without their knowledge or consent. He was never the patients’ physician. The patients were not receiving care in the emergency rooms where the doctor worked at the time he accessed the records.
The doctor also admitted that he sent a photograph to someone else of one of the patients wearing a hospital gown in which the patient’s rectum was hanging out of the patient’s body. And now for the “best” part: the doctor also admitted that he falsely wrote in a letter that he sent the picture of the patient with a prolapsed rectum to his mother to remind her of the importance of fiber intake!
Do you remember the comedian, Flip Wilson, who repeatedly claimed that the devil made him do it? When it comes to accessing patients’ medical records in violation of HIPAA, you must “put the devil behind you!” Protecting patients’ private health information is serious business – serious criminal business. Be vigilant!
By the same token, providers must also always remember that the HIPAA Privacy Rule isn’t just about protecting health information; it’s also about giving appropriate access to it. In the zeal to protect information, it anecdotally seems that practitioners have lost sight of the fact that access to information is at least as important as protection of information. In fact, the Office for Civil Rights, the federal enforcer of HIPAA violations, has focused on denial of access in enforcement actions for the past several years.
Remember that, however tempting the information you would like to have may be, temptation pales in comparison to jail time!
# # #
Elizabeth Hogue is an attorney in private practice with extensive experience in health care. She represents clients across the U.S., including professional associations, managed care providers, hospitals, long-term care facilities, home health agencies, durable medical equipment companies, and hospices.
©2024 Elizabeth E. Hogue, Esq. All rights reserved.
No portion of this material may be reproduced in any form without the advance written permission of the author.
for a code to enter to fully authorize your login. The name for this is Multi-Factor Authentication, or MFA. Lack of MFA procedures leaves your company at risk, which UnitedHealth discovered when it was grilled by Congress about the cyberattack on Change Healthcare.
formerly Kindred at Home, and which is awaiting government approval for its bid to acquire Amedisys, has quietly been executing a reduction in force. Reports are that the bulk of the layoffs are hitting “Optum Virtual Care,” the name given to naviHealth following its $1 billion acquisition in 2020. Following a surge in demand during the pandemic, the company is apparently abandoning telehealth services.
Tim Rowan is a 30-year home care technology consultant who co-founded and served as Editor and principal writer of this publication for 25 years. He continues to occasionally contribute news and analysis articles under The Rowan Report’s new ownership. He also continues to work part-time as a Home Care recruiting and retention consultant. More information: 
