Category:

HIPAA & Health Information

When Selfies Go Wrong

On September 25th, a former Okaloosa County, Florida paramedic, Christopher Wimmer, was sentenced to six months jail time and three years’ probation for taking “selfies” with incapacitated victims in ambulances last year and sending them to a co-worker. He and his co-worker, Kaylee Renee Dubois, were engaged in a “selfie war” with each other and snapped images and videos of patients in ambulances who were unconscious, sedated, intoxicated, or incapacitated. In total, 101 photos, 64 videos, and 41 patients were photographed or recorded during the so-called war, and a mere three patients consented to photographs being taken of them. Employees’ missteps with the privacy rights of patients have a negative lasting effect on their employer, their own career, and their patients.

Privacy in Insecurity

Though the rain has stopped falling, Houston is still dealing with the aftermath of Hurricane Harvey, one of the largest and most destructive rainfall events on record. Healthcare providers in particular find themselves struggling to keep up with the various health problems caused by the flooding itself, on top of getting life-sustaining care to individuals with chronic or preexisting conditions. Crises like Harvey create serious problems for the delivery of care, but also for regulating it—circumstances are so uniquely devastating that standards can feel like barriers to necessary medical attention. And when family and friends are desperate to know if their loved one is out of danger, even the right of privacy seems negligible.

However, natural disasters and emergency events shouldn’t be used as an excuse to regulate away protections individuals depend on, such as the privacy and confidentiality of their personal information. Regulators must be careful when determining how to respond in a crisis—overreaching for the sake of bringing relief or under-regulating for flexibility can leave the public high and dry when the floodwaters recede.

HIPAA Punctuality: Always Insist On It In Your Subordinates

In an unprecedented act, the Office for Civil Rights (OCR) entered into a settlement agreement with Presence Health Network based on the healthcare system’s failure to timely report a breach of unsecured protected health information (PHI). Under the Breach Notification Rule of the Health Insurance Portability and Accountability Act (HIPAA) a covered entity must notify affected individuals, the Department of Health and Human Services (HHS), and the media for breaches affecting 500 people or more. Presence Health will pay $475,000 and implement a corrective action plan (CAP) to address misunderstandings in workforce member roles and responsibilities relating to the notification process.

OCR Audits Subject To Phishing Hack

Christine Bulgozdi Associate Editor Loyola University Chicago School of Law, JD 2018   Back in November, the Department of Human Services (HHS) Office of Civil Rights (OCR) released an alert stating that a phishing scam masquerading as an OCR Audit had been spotted being sent out to Health Information Portability and Accountability Act (HIPAA) covered …
Read more

When Policies and Procedures Are Just Not Enough: Memorial Healthcare System Settlement

Alexander Thompson Associate Editor Loyola University Chicago School of Law, JD 2018   On February 16, 2017, the HHS Office of Civil Rights Acting Director, Robinsue Frohboese, announced the second largest HIPAA settlement fine ever. At $5.50 million, Memorial Healthcare System’s fine was just behind the $5.55 million given to Advocate Healthcare in 2016. Memorial …
Read more

Curing the Risk of Improper Social Media Use Amongst Health Care Professionals

Mary H. Carlson Associate Editor Loyola University Chicago School of Law, JD 2018   Social media has emerged as a preferred platform for the expression of personal opinions, a means of gathering new information, and as an important networking tool. However, health care profs subject themselves to particular dangers health care professionals (HCPs) subject themselves …
Read more

Protected Health Information: Has it been Compromised?

Ryan Whitney Managing Editor Loyola University Chicago School of Law, JD 2017   HIPAA breaches occur on a daily basis. Although undesirable, many of these breaches are not serious enough to require patient notification. But others are more egregious and can cause harm to both the patient and the providing entity. This article outlines a …
Read more

Joint Guidance Confirms the Sharing of Health Information Subject to FTC Regulations, Not Only HIPAA

Logan Parker Privacy Editor Loyola University Chicago School of Law, LL.M. in Health Law 2017   On October 22, 2016, the Federal Trade Commission (“FTC”) in collaboration and conjunction with the Department of Health and Human Services’ Office for Civil Rights (“OCR”) released new guidance on key privacy and security considerations for organizations handling health …
Read more

HHS Finalizes Substance Abuse Patient Record Sharing Rule

Fannie Fang Executive Editor Loyola University Chicago School of Law, JD 2017    On January 18, 2017, the Department of Health and Human Services (“HHS”) issued a final rule to update and improve the Confidentiality of Alcohol and Drug Abuse Patient Records regulations, known as 42 CFR Part 2 (“Part 2”). The purpose of the …
Read more

Advocate Settles with OCR for $5.55 Million, Officially the Highest Single HIPAA Violation Settlement to Date

Fannie Fang Executive Editor Loyola University Chicago School of Law, JD 2017   The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently agreed to a settlement with Advocate Health Care Network (Advocate), the largest health systems in the Chicago area. In the settlement, Advocate agreed to pay a sum of …
Read more