HIPAA violation complaint filed against RMC
by Patrick McCreless
Star Staff Writer
Aug 04, 2011 | 7897 views |  0 comments | 11 11 recommendations | email to a friend | print
The Department of Health and Human Services is apparently investigating a complaint that Regional Medical Center violated federal patient privacy laws last year.

An employee in the Office of Civil Rights with Health and Human Services — which enforces the federal law governing patient privacy, known as the Health Insurance Portability and Accountability Act or HIPAA — confirmed Wednesday that an anonymous complaint had been filed in March against RMC.

The employee confirmed an investigation was ongoing, but could not speculate on when it would be concluded.

However, the employee’s name was not provided because the Office of Civil Rights has a policy against releasing information about ongoing investigations.

“The Office of Civil Rights does not discuss whether an entity is under investigation or being considered for an investigation,” Amanda Fine, spokeswoman for Health and Human Services, said in a Wednesday email to The Star.

Fine did say that the findings of any investigation would be sent in writing to the complainant and the entity involved once the case was closed.

RMC CEO David McCormack said during a phone interview Wednesday that he did not know an investigation of the incident by Health and Human Services was under way.

“No, I was not aware of anything,” McCormack said. “I know we didn’t get in trouble or anything.”

The complaint was in reference to an incident that occurred in February 2010 at RMC in which a physician there faxed the names of students involved in a school bus wreck to a local law firm.

After several months of internal investigation, the RMC board in June 2010 reprimanded the doctor — whose name was not released — and forced him to attend a class on the hospital’s private policy procedures.

McCormack had previously told The Star that according to hospital attorneys, while the incident was regrettable, it did not violate HIPAA laws.

The notification Wednesday from the employee in the Office of Civil Rights with HHS was the first indication that an external investigation is under way.

According to the website of the U.S. Department of Health and Human Services, HIPAA protects the distribution of any health information that identifies an individual and that relates to an individual’s past, present or future mental or physical health, the provision of health care to an individual or the past, present or future payment for health care to an individual.

Fine said an organization could face various penalties for violating HIPAA laws, depending on the situation.

For relatively minor incidents, the Department of Health and Human Services Office of Civil Rights forces violators of HIPAA laws to make changes to their privacy practices and other corrective measures.

More serious violations can result in resolution agreements, which are contracts signed between the department and the organization in question. Through the contract, the violator would agree to perform certain obligations and make reports to the department for a period of three years. Also, a resolution agreement typically involves a fine.

To date, since the HIPAA privacy rule was required in April 2003 the department has investigated and resolved more than 13,000 cases that required violators to make privacy policy changes. The department has also so far entered into five resolution agreements.

Star staff writer Patrick McCreless: 256-235-3561.
Comments must be made through Facebook
No personal attacks
No name-calling
No offensive language
Comments must stay on topic
No infringement of copyrighted material

Friends to Follow

Most Recommended

HIPAA violation complaint filed against RMC by Patrick McCreless
Star Staff Writer

Today's Events

event calendar

post a new event

Monday, April 21, 2014