HIPAA Horror Stories

Almost a HIPAA Hero

one-minute read

An exasperated doctor talked to a reporter who called to ask about a patient complaint. But they shouldn’t have!

The doctor was warned by the practice’s HIPAA Privacy Officer not to talk to the media but ignored the advice and paid the price.

Allergy Associates of Hartford, P.C. (Allergy Associates) agreed to pay $125,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential violations of the HIPAA Privacy Rule. Allergy Associates is a health care practice that specializes in treating individuals with allergies, and is comprised of three doctors at four locations across Connecticut. The case was settled in 2018.

Patients May Disclose Their Own Information, but Their Doctors May Not

The frustrated patient, unhappy with their doctor, contacted a local television station to speak about a dispute that had occurred between the patient and the Allergy Associates’ doctor. The reporter then contacted the doctor for comment and the doctor impermissibly disclosed the patient’s protected health information (PHI) to the reporter.

The doctor may have been under the impression that since the patient first disclosed their own information that they had consented to the later disclosure by the doctor. This is not true. Patients may discuss their own PHI publicly, but the covered entities and business associates involved in their care must follow HIPAA and maintain the privacy and security of the patient unless the patient expressly authorizes such a disclosure.

Remember too, that PHI is defined very broadly – it does not need to contain a diagnosis, or symptoms. Simply acknowledging the name of a patient, or confirming that a certain person is a patient at a health care facility, is an impermissible disclosure of PHI. Review the 18 “identifiers” of PHI here.

Privacy Officers are Guardians of Patient Privacy and Your Organization’s Reputation

The “almost-Hero” of this story is the Privacy Officer who knew the law and tried to prevent this breach. The Privacy Officer is in charge of the HIPAA compliance program and the person to ask, the person to listen to, when it comes to maintaining compliance.

If the exasperated doctor who was frustrated with the situation had listened and followed the advice of the Privacy Officer, they would have preserved the practice’s reputation and avoided the $125,00 fine.

Every Question is Answered in The HIPAA E-Tool®

Privacy Officers can rely on The HIPAA E-Tool® for answers to all their questions, with legal citations to back up the policies, if needed. There is no reason to make this kind of mistake when help is available – affordable, trustworthy and up-to-date. Become a HIPAA Hero with back up from The HIPAA E-Tool®.

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Don’t become a HIPAA Horror Story! HIPAA compliance is easy, when you know the rules.

Request A Demo

Copyright © 2021 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

Terms of Service | Privacy Policy

Powered by JEMSU

Mailing Address
The HIPAA E-Tool
PO Box 179104
St. Louis, MO 63117-9104

8820 Ladue Road Suite 200
St. Louis, MO 63124

You may have questions about COVID-19 and HIPAA. We have answers. 

We are open and answering questions about all the new modifications and waivers, coming from HHS, OCR, CMS, and the new CARES act.

If you need help with HIPAA during the COVID-19 pandemic, fill in the form, and we’ll get back to you.

Free hipaa kit!

hipaa compliance Quick start kit
Delivered free