HIPAA Horror Stories

Right Patient, Wrong Kidney

one-minute read

Imagine awaking from surgery to learn that you received the wrong kidney at the wrong time. Or, as you waited for your transplant expecting to go into surgery, you learned the kidney intended for you went to someone else. This is what happened to two patients at University Hospitals Cleveland Medical Center.

The hospital is now investigating how the the mix-up happened and two caregivers have been placed on administrative leave.

The hospital issued a statement:

“We are dismayed that an error recently occurred resulting in one patient receiving a kidney intended for another. The kidney is compatible and the patient is recovering as expected. Another patient’s transplant surgery has been delayed.”

Although what exactly happened to cause this mix-up is not yet known, this horror story brings into focus two of the three basic HIPAA elements that are often overlooked – availability and integrity of protected health information (PHI).  Most people think about the other element, confidentiality, when they think about HIPAA.

HIPAA Security Rule

The purpose of the HIPAA Security Rule is to maintain the confidentiality, availability and integrity of protected health information.

So a kidney transplant that went terribly wrong is certainly a HIPAA horror story even though it’s not about a loss of confidentiality or privacy. The hospital fails compliance with the HIPAA Security Rule on at least one, if not both of the other two elements – availability and integrity.

An obvious failing was that the medical personnel performing the kidney transplant did not have available the correct information about the patient who was to receive the kidney. The patient’s correct information should be accessible and usable to be available. It is less obvious, based on reports so far, whether either patient’s records had been lost, destroyed or altered in any way. If so, the protected health information did not have integrity. 

Quality Care Depends on HIPAA Compliance

Patients trust that covered entities will protect their health information, ensure its accuracy, and prevent it from being altered or lost. Even without HIPAA, these are basic concepts for quality care. When HIPAA requirements are not met, not only is patient trust lost, but covered entities can face investigations and fines from the Office for Civil Rights (OCR) which enforces HIPAA.

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Don’t become a HIPAA Horror Story! HIPAA compliance is easy, when you know the rules.

Request A Demo

Copyright © 2021 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

Terms of Service | Privacy Policy

Mailing Address
The HIPAA E-Tool
PO Box 179104
St. Louis, MO 63117-9104

8820 Ladue Road Suite 200
St. Louis, MO 63124

Free hipaa kit!

hipaa compliance Quick start kit
Delivered free