While browsing the Goodwill tweeter @Potato_Chip found a box of Journal of American Medical Associations. A sweet find for an MD/PhD student right? Unfortunately, it turned out to be bittersweet for the healthcare industry and patient advocates everywhere. In that very same box were discarded drugs, prescription pads, and ultra sound records. Many of these records, including ultrasounds, had patient identifiers or protected health information (PHI) intact.
Finding any of these items individually is an bad enough, but the combination of them that were apparently donated. Throwing them away without properly removing identification and having them accidentally discovered would be bad enough, but these were actually given to Goodwill where the intent is for the items to be used.
I’m embarrassed for the medical practice that allowed this to happen but I feel they are very much liable for the fines that they are potentially facing. As a nurse, I cannot imagine ever letting something like this occur on my watch. I understand that accidents and mistakes happen, but this looks like a clear case of neglect.
Penalties for HIPAA Violations:
|For violations occurring prior to 2/18/2009||For violations occurring on or after 2/18/2009|
Up to $100 per violation
$100 to $50,000 or more per violation
|Calendar Year Cap||$25,000||
For all the patients who have ultrasounds that were carelessly discarded with their information intact, I hope that medical practice is fined the maximum amount.I am sick to my stomach to think that there are medical practices that are ignorant to the laws that protect the patients they serve.
If they are careless enough to discard drugs, prescription pads (which can be forged to get controlled substances), and patient medical records, then I cannot even imagine how careless they are with their patients.
The tweeter stated she was going to turn the box over to the police. I also suggested she file a complaint of a HIPAA violation with HHS.gov. Whether you are a healthcare provider or not, you cannot deny the fact that we are all patients. It is up to everyone one of us to protect patient’s rights,your rights, and report violations that we discover.
The Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) establishes, for the first time, a set of national standards for the protection of certain health information. The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).1 The Privacy Rule standards address the use and disclosure of individuals’ health information—called “protected health information” by organizations subject to the Privacy Rule — called “covered entities,” as well as standards for individuals’ privacy rights to understand and control how their health information is used. Within HHS, the Office for Civil Rights (“OCR”) has responsibility for implementing and enforcing the Privacy Rule with respect to voluntary compliance activities and civil money penalties.
More information about HIPAA: Summary of the HIPAA Privacy Rule
Download Nurse Bingo Today!
Liven up any shift with a fun game of bingo. See who can fill a row first!
Fill a whole card and lose grip with reality.