When it comes to journalists and the HIPAA Privacy Rule, “no comment” is the best response
A Connecticut Allergy practice was hit with a $125,000 charge after one of its physicians identified a patient to news media.
After being instructed by Allergy Associates of Hartford’s own privacy officer to keep quiet about a complaint lodged by a patient, one physician couldn’t resist. When a local news called, the doc responded by identifying the unhappy patient by name, in violation of the HIPAA Privacy Rule.
The Feds Are Serious About the HIPAA Privacy Rule
The Office for Civil Rights, the federal government agency that investigates alleged HIPAA violations, came down hard on the Allergy Associates, calling the disclosure “a reckless disregard for the patient’s privacy rights.”
It appears the feds were further offended upon learning the physician had been specifically warned by the Allergy Associates designated Privacy Officer to ignore the reporter’s request for a response or simply say “no comment.”
HIPAA Privacy Rule violators face years of scrutiny
In addition to the fine, Allergy Associates must undergo two years of expensive and time-consuming corrective action. The OCR said, in its press release, the settlement is neither an admission of guilt nor an admission that a crime was committed.
“When a patient complains about a medical practice, doctors cannot respond by disclosing private patient information to the media because egregious disclosures can lead to substantial penalties, covered entities need to pay close attention to HIPAA’s privacy rules, especially when responding to press inquiries.”—Roger Severino, OCR Director
You don’t want to be forced into a corrective action plan by the OCR. Interested in what that might entail? Read the OCR’s forced two-year Allergy Associate corrective action plan here.
If your business doesn’t yet have a HIPAA Privacy Rule-trained Privacy Officer, The HIPAA E-Tool® can help.