Hipaa That Denies
hipaa that denies
Is this a HIPAA violation?
Assume the following scenario:
Joe calls a Clinic and impersonates somebody named Kevin.
Joe, impersonating Kevin, asks the clinic for medical records to be sent so Joe’s house.
The Clinic sends the medical records to Joe’s house, not realizing that Kevin has been impersonated.
Is this a HIPAA violation? IF so, who is guilty? Is Joe guilty? Or is the Clinic guilty?
Will it be possible for Kevin to prove that a violation has occured, and if so, how? Will the Clinic deny this ever happened? Will the Clinic try to hide this? Since the Clinic did not really know something was wrong can they really be responsible for what happened?
OK, but who will be guilty? Only Joe? The clinic will not be guilty?
The procedure in the clinic would be to send the records only to the address in Kevin’s file. If Joe wants to get his own address into the file, he would have to send a signed request, forging Kevin’s (or other authorized) signature. Forgery is a felony. People go to jail for that.
If the clinic sends personal medical information to the wrong address, or to an address without permission of the patient, yes that would violate HIPAA. Joe would be guilty of fraud. Clinic would be guilty of HIPAA violations and somebody could go to prison for it, although it is usually only a fine of $1,000 per file (or $10,000 per file, if the clinic didn’t have procedures to comply with HIPAA).
Case last April where a surgeon ACCESSED records of patients he wasn’t treating. Sentenced to four months in prison, even though he wasn’t selling the information or using it for anything but curiosity.
jerry10-21-2010nr1.wmv
