Tuesday, October 20, 2009

HIPAA Violations Lead to Lawsuit

Updated 3/2017-- all links (except to my own posts) removed as many no longer active. and it was easier than checking each one. 

It’s been a year since Anne Pressly, 26, was found beaten bloody and unconscious in her bed by her mother, Patricia Cannady.   Pressly was a well respected, well loved news reporter who worked for KATV, Channel 7.  She never recovered from her injuries and died on Oct. 25.
Cannady is has filed a lawsuit claiming her daughters privacy (under HIPAA) was violated.  The suit names St. Vincent Infirmary Medical Center, Dr. Jay Holland, Candida Griffin, and Sara Elizabeth Miller.
Anne Pressly's Mom Sues Hospital, Dr., Others by Monika Rued; October 21, 2009; KTHV.com
The lawsuit by Patricia Cannady claims they violated Pressly's privacy by illegally looking at her medical records….
Cannady's lawsuit says the actions of the three were extreme and outrageous. It also accuses the hospital of failing to have a system that keeps employees and doctors from illegally accessing medical records.
St. Vincent's issued a statement saying it stands by its safeguards and how the situation was handled.
Pressly’s mother suing 3, hospital:  Daughter’s privacy violated, she says By John Lynch; October 21, 2009; ArkansasOnline.com (subscription required)
The hospital has acknowledged firing at least six employees for violating Pressly’s privacy but won’t say exactly how many, and officials on Monday would release only a three-sentence statement defending the hospital.
“We take every patient’s privacy seriously,” the statement from spokesman Margaret Preston reads. “We stand by our commitment to patient privacy, our safeguards and how we handled this situation.”
Jay Holland, a doctor who worked at the hospital; Candida Griffin, a former emergency-room coordinator; and Sara Elizabeth Miller, a former account representative, are targets of Cannady’s lawsuit. The three have each pleaded guilty in federal court to a single misdemeanor count of violating federal health privacy laws, known as the Health Insurance Portability and Accountability Act of 1996. They each face a maximum of year in jail and a $50,000 fine when they are sentenced next Monday.
Griffin and Miller were fired, acknowledging in their June court appearance that they looked at Pressly’s records out of curiosity during the first two days of her stay in the emergency room before she was moved to intensive care.

Previous related post:
Don’t Forget HIPAA Privacy Rules (July 2, 2009)

Addendum (October 25, 2009)
Sentences were handed out today to the three convicted of HIPAA violations as follows:
A federal judge has sentenced a doctor and two former hospital employees to a year of probation after they admitted breaking federal privacy laws by peeking at the medical records of KATV's Anne Pressly.
Dr. Jay Holland was also fined $5,000 and ordered to perform 50 hours of community service by speaking to medical workers about the importance of patient privacy.
Candida Griffin, a former emergency room unit coordinator at St. Vincent Health System, was fined $1,500, while Sarah Elizabeth Miller, a former account representative at St. Vincent Medical Center in Sherwood, received a $2,500 fine.

11 comments:

Anonymous said...

Unfortunately, HIPAA does not provide for private actions for violations. If there was a violation, then under the law, only the Office for Civil Rights may bring an action on behalf of the patient. The new HITECH act extends HIPAA to allow the states' attorney general to also bring actions, but private individuals may not bring an action under HIPAA. Of course, other privacy laws may well apply.

Michael Guzzo said...

Hmmm.. unusual. Of what I found out about the incident, it doesn't look like any of the "peekers" profited from that information, but did it just out of curiosity.

I wonder how the Pressly family even found out about it? Not that what they did isn't wrong, but why the heavy-handed treatment? I wonder who turned them in? It'll be interesting to see what happens.

rlbates said...

Guzzo, no one is reported to have profited from "looking" but reportedly did so just out of curiosity. The hospital found the "peekers" on their routine checks of the high-profile case. It snowballed from there.

Anonymous said...

Curious how this would apply to students. As a current medical student. zero pts are listed under "my" name. I lok up several pts under different doctor's names. I am curious if a high profile, yet interesting case may someday end up in the media as well?

rlbates said...

Anonymous (10-27-09), if you have no need to check a patient's records you should refrain from doing so. Hopefully, your school is teaching HIPAA and privacy rules before putting you on the wards. If you have an ID on the hospital network, the electronic tags would ID you as having accessed a record.

Anonymous said...

Anonymous:
Curious how this would apply to students. As a current medical student. zero pts are listed under "my" name.
Response from rlbates:
if you have no need to check a patient's records you should refrain from doing so.
-----------------------------------
Medical students and those in training walk a fine line. Trainees should be involved in as many "interesting" cases as they possibly can - there is no other way to learn; Indeed one benefit touted by many of the larger academic institutions is the volume of rare and teachable cases. That being said, medically "interesting" is not the same as socially "interesting," and good judgement must be used in case selection. My take would be that if you could justify your looking at any case on purely medical grounds, you're fairly safe.

Unknown said...

I have worked at a Mjr city hospital and have seen first hand how HIPAA is handled and mishandled.
They are very tough on high profile persons and have fired at least one md for it.
I just dont understand how the mom was able to sue- I feel that the people who lost their job did receive punishment--did they really need more...they admitted guilt and the action was taken--i would really like to know how they abused theknowledge they aquired and if that was part of the trial...interesting and probably long overdue...will this start a trend- probably only with high profile VRP's...not with the regular joe's like us...no one will notice, and no one will care...

Anonymous said...

I need to find a lawyer for a hipaa violation case in MD. Any suggestions? A nurse who used to be married to my fiance shared my information with malicious intent. Apparently she has been fired, not sure, but i feel i have a case against the hospital and against her.

rlbates said...

Anon (12-21-09), sorry but no. Don't know which lawyer you should contact.

Mike said...

Yes it is true due to lack of knowledge and proper HIPAA Training, many of the hospital as well as covered entity staff gets in such a situation of violating HIPAA security and privacy laws. The breaching of vital patient information happens, and this will happen as long as a proper HIPAA training is not provided to the concern person handling the patient information. It is having said that many of the hospital staff including the doctors are unaware about the hipaa security and privacy law and accidentally breach out the vital patient information, and to avoid such incidence HIPAA Training is only one of the most important option. So if he or she is a doctor, nurse, MT or any concern person handling the patient information, he/she has to go through the HIPAA Training. Here is one of the website http://hipaatraining.net/ that can help healthcare organization, covered entities as well as individual seeking HIPAA Training

Anonymous said...

All of you are concerned as to how you have the right to view patient files. What none of you understand is how violated you feel when your medical information has been accessed by those that have not been assigned by your case. You they should come down hard. These people had no reason to look up the case, come on an accounting rep??? If everyone isn't held by the same standards, then none of the medical professionals will understand there are consequences to there actions. Personally, I have been violated and the information became public fact. If students need to access "special" cases for training, then they should only be able to access the subject information, not the patient's name. So, all of you need to step inside the patient's shows and think how you would feel if it was your personal medical information that was being thrown around! We are suppose to be able to trust each and every one of you, and we expect your respect to our information.....