The Security Scrutinizer with Howard Anderson

HIPAA Indictment: Compliance Catalyst?

High-Profile Case Could Renew Awareness of Privacy Rule

The U.S. Attorney's Office for the Eastern District of Virginia says a federal grand jury has indicted a physician who is alleged to have provided health information about a patient he treated for mental illness to an agent of the patient's employer, without obtaining the patient's authorization. And that's a serious allegation, to be sure.

The prosecutors say the physician "made the unauthorized disclosure under the false pretenses that the patient was a serious and imminent threat to the safety of the public, when, in fact, he knew that the patient was not such a threat."

When's the last time your organization educated clinicians about the HIPAA privacy requirements? 

If convicted, the physician could face a maximum penalty of five years in prison. His attorney told a local news website that the doctor plans to plead not guilty in the HIPAA case.

If the physician is convicted, a stiff prison sentence would send a strong signal about the importance of abiding by HIPAA.

In the meantime, when's the last time your organization educated clinicians about the HIPAA privacy requirements? You might want to double-check.

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.