Thursday, October 20, 2016

InfoScary (Part 4b) : Medical Issues, Personal Details (Compromised)

While no law firm is mentioned, this update certainly brings the risks of PHI and HIPAA compliance into view: "Another Way to Violate Privacy: PHI in Court Documents" --
  • "A recent court ruling illustrates yet another way patient privacy can be compromised. A federal court slapped WakeMed Health and Hospitals, a North Carolina healthcare system, with financial penalties for exposing patient information in filings it made for cases."
  • "The court also ordered WakeMed to send breach notification letters and offer one year of free credit monitoring to potentially thousands of adults and minors whose Social Security numbers or full dates of birth were included in court documents the healthcare organization filed between December 2007 and December 2015."
  • "Those documents, which were publicly available online via a subscription-based court records system, were filed in WakeMed's attempt to seek payment for debts allegedly owed by patients who had filed for bankruptcy protection."
  • "'There is a real tension between some 'public records' laws related to court filings and other kinds of laws,' says privacy attorney Kirk Nahra of the law firm Wiley Rein. 'Major advice is to always be incredibly careful whenever you are disclosing any kind of patient information in any kind of public setting - it is possible that you need to do it, but usually there is a better way.'"
  • "'The HIPAA training did not cover bankruptcy claims filing,' the court ruling states. 'Ms. Soles also had no supervision with respect to filing claims, and testified that no one else in her department knew how to file bankruptcy claims. There was no audit system in place, and Ms. Soles had no direct contact with the legal department of WakeMed.'"

No comments:

Post a Comment