On May 10, 2017, the U.S. Health and Human Services Department Office for Civil Rights (OCR) announced an agreement whereby Memorial Hermann Health System (MHHS) will pay a $2.4 million penalty for releasing a patient’s name in a press release. According to the resolution agreement, in September 2015, a patient at an MHHS clinic presented an allegedly fraudulent identification card to office staff. The staff notified law enforcement and the patient was arrested. Although notification to law enforcement did not violate the HIPAA rules, it wa a violation to include the patient’s name in the title of a press release regarding the incident and to disclose the patient's protected health information (PHI) during meetings with an advocacy group, state representatives, and a state senator, in response to the events.
There are a number of lessons to be learned from this settlement:
- Confirm that senior management, as well as workforce members and subcontractors, understand the HIPAA rules.
- Thoroughly train press and communications personnel to be alert for information that is protected by HIPAA and must not be disclosed.
- Review and regularly update HIPAA policies and procedures.
- Obtain patient consent before disclosing patient names on a website or in a press release.
- Do not discuss patient PHI with the media or public officials without patient consent.
- Be sure to document, in a timely manner, any sanctions imposed upon workforce members who fail to comply with the entity’s privacy policies and procedures or violate the HIPAA rules.
The consequences of a HIPAA violation can be severe, so any entity that handles PHI should be diligent in HIPAA compliance.
Our Health Law Ticker is a one-stop resource for everything new and noteworthy in healthcare law. We cover recent developments in healthcare legislation, healthcare reform, Medicare/Medicaid, managed care, litigation, regulatory compliance, HIPAA, privacy, peer review, medical staffs and general business operations for healthcare companies and licensed healthcare professionals.
Stay ConnectedRSS Feed
- Affordable Care Act
- Allied Health Professionals
- Ambulatory Surgery Centers
- Bipartisan Budget Act
- Civil Monetary Penalties
- Electronic Health Records
- Employment Law
- False Claims Act
- Fraud and Abuse
- Healthcare Litigation
- Healthcare Technology
- HIPAA's Minimum Necessary Rule
- Hospitals and Health Facilities
- Independent Practice Associations
- Medical Board
- Medical Groups
- Medical Staffs
- Pain Assessment and Managment
- Payment and Reimbursement
- Peer Review
- Physician Management Companies
- Professional Licensing
- Protected Health Information
- Public Policy
- Sexual Harassment
- State Law
- Workplace Harassment