HIPAA Indictment: Compliance Catalyst?
High-Profile Case Could Renew Awareness of Privacy RuleWe've often said that if authorities initiated more high-profile legal actions against alleged HIPAA violators, it would go a long way toward boosting compliance. So we're glad to see that federal prosecutors in Virginia have announced an indictment in a case that alleges a particularly heinous HIPAA Privacy Rule violation.
The U.S. Attorney's Office for the Eastern District of Virginia says a federal grand jury has indicted a physician who is alleged to have provided health information about a patient he treated for mental illness to an agent of the patient's employer, without obtaining the patient's authorization. And that's a serious allegation, to be sure.
The prosecutors say the physician "made the unauthorized disclosure under the false pretenses that the patient was a serious and imminent threat to the safety of the public, when, in fact, he knew that the patient was not such a threat."
If convicted, the physician could face a maximum penalty of five years in prison. His attorney told a local news website that the doctor plans to plead not guilty in the HIPAA case.
If the physician is convicted, a stiff prison sentence would send a strong signal about the importance of abiding by HIPAA.
In the meantime, when's the last time your organization educated clinicians about the HIPAA privacy requirements? You might want to double-check.