HIPAA Horror Stories

The Felonious Fax


Hospital Outs HIV Patient in Stunning Privacy Rule Breach

A major hospital in one of the biggest cities in the world should have known how to handle medical records of its most vulnerable patients. A careless Privacy Rule breach cost a patient his privacy and the hospital $387,000 in penalties.

It all started when an HIV-positive patient sought treatment at New York’s St. Luke’s-Roosevelt Hospital Center. The hospital staff is known for its care of HIV patients and performs a thorough interview with all those who seek care.

Part of St. Luke’s intake process is to establish a general physical and mental health screening, a record of which is mailed to an address of the patient’s choice.

Hospital faxes sexual and mental health details to employer

One of St. Luke’s patients provided a thorough history to his intake coordinator, listing sexual history, sexual orientation, mental health issues, medications and history of physical abuse. He provided his personal post box address for any correspondence.

Rather than send the medical records to the post office box, however, St. Luke’s faxed the documents to the patient’s employer, resulting in a major Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule breach.

One Privacy Rule Breach leads to another

The patient became aware of the Privacy Rule breach and notified the Department of Health and Human Services (HHS). The Office for Civil Rights (OCR), the HHS agency tasked with investigating HIPAA violations, found that St. Luke’s had violated the Privacy Rule. As usual, during its investigation, the OCR discovered another, similar violation.

St. Luke’s settled the case for $387,000 and agreed to a lengthy Corrective Action Plan.

Are you at risk for a Privacy Rule Breach?

Is your organization respecting patient communication preferences? If you’re not confident with your process, we’re here to help.

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Don’t become a HIPAA Horror Story! HIPAA compliance is easy, when you know the rules.


Copyright © 2020 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

3534 Washington Avenue, Saint Louis, MO 63103