HIPAA & Health Information
On September 25th, a former Okaloosa County, Florida paramedic, Christopher Wimmer, was sentenced to six months jail time and three years’ probation for taking “selfies” with incapacitated victims in ambulances last year and sending them to a co-worker. He and his co-worker, Kaylee Renee Dubois, were engaged in a “selfie war” with each other and snapped images and videos of patients in ambulances who were unconscious, sedated, intoxicated, or incapacitated. In total, 101 photos, 64 videos, and 41 patients were photographed or recorded during the so-called war, and a mere three patients consented to photographs being taken of them. Employees’ missteps with the privacy rights of patients have a negative lasting effect on their employer, their own career, and their patients.
According to data from HHS’ Office of Civil Rights (OCR), healthcare data breaches in 2017 are set to outpace those from 2016. Security experts have determined this increase is due to two factors: getting entry into a system has become easier, and organizations are now more inclined to report breaches. Yet despite the increase in data breaches and the costs of settling with HHS OCR, a majority of healthcare organizations are still only spending 1-6% of their budgets on cybersecurity measures.
Though the rain has stopped falling, Houston is still dealing with the aftermath of Hurricane Harvey, one of the largest and most destructive rainfall events on record. Healthcare providers in particular find themselves struggling to keep up with the various health problems caused by the flooding itself, on top of getting life-sustaining care to individuals with chronic or preexisting conditions. Crises like Harvey create serious problems for the delivery of care, but also for regulating it—circumstances are so uniquely devastating that standards can feel like barriers to necessary medical attention. And when family and friends are desperate to know if their loved one is out of danger, even the right of privacy seems negligible.
However, natural disasters and emergency events shouldn’t be used as an excuse to regulate away protections individuals depend on, such as the privacy and confidentiality of their personal information. Regulators must be careful when determining how to respond in a crisis—overreaching for the sake of bringing relief or under-regulating for flexibility can leave the public high and dry when the floodwaters recede.
Logan Parker Privacy Editor Loyola University Chicago School of Law, LL.M. in Health Law 2017 On October 22, 2016, the Federal Trade Commission (“FTC”) in collaboration and conjunction with the Department of Health and Human Services’ Office for Civil Rights (“OCR”) released new guidance on key privacy and security considerations for organizations handling health …
ADAM C. SOLANDER is a Member of Epstein Becker Green’s Health Care and Life Sciences practice, in the firm’s D.C. office. Mr. Solander advises clients on data breach/cybersecurity issues across industry lines, including compliance with HITECH, HIPAA, PCI, JCAHO, CMS, ISO, NIST, and various other federal, state, and business requirements.
The following is an interview with him discussing the unique cybersecurity challenges facing the healthcare sector, and how the industry can move past HIPAA compliance to a more robust definition of privacy and security.
Amanda Bogle Executive Editor Loyola University Chicago School of Law, JD 2017 When a data breach occurs in an organization, determining whether there is a duty to notify can get complicated quickly. In investigating a breach, the specific facts of the incident become extremely important, as not every breach will require notification. The residency …
Logan Parker Privacy Editor Loyola University Chicago School of Law, LL.M in Health Law 2017 In 2013, Oregon Health & Science University (“OHSU”), Oregon’s only academic health center, reported numerous breaches of unsecured electronic protected health information (“ePHI”), including two breaches within the span of five months. This led to the Office of Civil …