HIPAA: Food for Thought

HIPAA is the Health Information Portability and Accountability Act, passed by Congress in 2001 and implemented in 2002.
Two accidental infractions can incur a $10,000 fine. One deliberate infraction incurs a much higher fine, I believe $25,000.

Suppose I am scheduling an appointment with Pt. X in the waiting area, and I confirm the patient’s address, saying: “Do you still live at 4222 E. Argyle St.?”
This is a violation of HIPAA. All applicable fees apply.

Suppose I am calling a patient into the back room from the waiting area, and instead of saying, “Alan, the doctor will see you now,” I say, “Mr. Johnston, the doctor will see you now.”
This is a violation of HIPAA. All applicable fees apply.

Suppose I am confirming an appointment by phone with Pt. Y, who has recently decided to go on or off birth control. Her husband answers the phone. I say: “I am calling to confirm Valerie’s appointment with Dr. Halburn this Monday.” He takes a message, and we hang up.
This is fully compliant with HIPAA. Nothing prevents Pt. Y’s husband from determining what sort of doctor Dr. Halburn is and speculating on the nature of her appointment. Neither I nor my department is accountable in any way for the fact that he has received sensitive medical information with neither Pt. Y’s consent nor her knowledge.

There’s all the difference in the world between the appearance of security and security.

~ Connor