5 HIPAA Violations to Know
Compliance with HIPAA can be complex. Examples of violations, or “HIPAA stories,” may make requirements more understandable. Here are some of those stories:
Nurse’s Licenses Suspended
In this case, a nurse took a list of more than three thousand patients from a former to a new employer. The list included patients’ names, addresses, dates of birth and diagnoses. The nurse asked for the information in order to help ensure continuity of care, but did not receive permission from her former employer or patients to give this information to her new employer. The nurse admitted to the state nursing board that she violated HIPAA. The nurse lost her license for one year and was placed on three years of probation.
Nurse Posted Disturbing Photos of Patient on Social Media
The nurse in this case worked in the neonatal care unit. She posted pictures on her social media account of a baby born with a birth defect, called gastroschisis, which exposed the baby’s intestines. Captions under the posted pictures read:
“My night was going great then boom!”
“Your intestines posed [sic] to be inside not outside baby.”
The nurse was fired.
Violation by Home Care/Private Duty Employees
An employee of a national franchise home care or private duty company was fired and another employee was reprimanded after violating a client’s right to privacy. Details of the violations are not available because the national franchise company signed a settlement agreement with the client that included a non-disclosure agreement.
Doctor Sentenced to Jail
The doctor in this case took a research position with a large health system for which he was not well-suited. His performance reviews were poor and he was ultimately given notice of termination of his employment. The doctor then began to spend his remaining days at the health system looking at patient records; including records of his immediate supervisor; many of his colleagues; and high-profile patients, such as well-known movie stars, televisions personalities and public officials. He viewed patient records more than three hundred times.
The information the doctor obtained was never shared with anyone. He was, nonetheless, charged with a misdemeanor. He was sentenced to four months in prison followed by a year of supervised release and was fined $2,000. The doctor’s appeal was denied.
Employees Indicted By Federal Grand Jury
Five former employees of a hospital, including a recently licensed registered nurse, were indicted by a federal grand jury for allegedly selling medical information about car accident victims to personal injury attorneys and chiropractors. This case is still pending. The purchaser of the information faces up to seventy years in prison and a fine of $1.75 million plus supervised release. Employees of the hospital who sold information each face a maximum penalty of one year in prison, a fine of $50,000 and one year of supervised release.
These stories certainly make it clear that, the despite the complexities of HIPAA, the stakes are high!
Elizabeth Hogue is an attorney in private practice with extensive experience in health care. She represents clients across the U.S., including professional associations, managed care providers, hospitals, long-term care facilities, home health agencies, durable medical equipment companies, and hospices.