Sometimes HIPAA Violations Involve Technology, But Technology Is Not At Fault.

May 28, 2014

Our job as your trusted IT and Healthcare technology company is to help our clients comply with HIPAA regulations. We also strive to educate our clients and their employees on the importance of protecting patient privacy.

We do this by using examples of HIPAA violations to help our clients understand some of the concepts of HIPAA such as:

  • What is protected health information (PHI)?
  • What is a system auditing and system activity review?
  • What is the consequence of a breach to a patient’s privacy?
  • How can we prevent breaches from occurring?

The bottom line is that HIPAA compliance is driven by the fear of financial penalties.

When we speak with representatives of various organizations about HIPAA compliance, the topics of fines, audits and the cost of breaches usually dominate the conversation. It seems that a large majority of organizations are driven by the fear of HIPAA penalties, rather than the fear of breaching patients’ privacy.

While this might not be true for all organizations, unfortunately fear of fines drives many to start thinking about HIPAA compliance.

When a real-life privacy breach hits the headlines, it’s important that you take a step back and use the information as a lesson learned to prevent similar breaches from occurring at your organization.

This is the perfect example of an individual who has had their privacy breached:

A man, identified as John Doe, who was HIV-positive, was admitted to Advocate Sherman Hospital. One of his neighbors, William Zagalak, looked up his medical record. Zagalak then told others that John Doe was HIV-positive. A lawsuit against Zagalak contends that, as a result of John Doe’s privacy breach, he was the target of ridicule and hate crimes, and was ostracized by his community.

The suit contends that William Zagalak, then a respiratory care specialist at Advocate Sherman Hospital in Elgin, looked up the man’s medical records without authorization, and shared that information with Zagalak’s wife, co-workers and neighbors. As a result, Zagalak no longer works at Sherman.

  • Doe alleges that he believes Zagalak went through his medical records and learned of his medical condition.
  • He then proceeded to share that information with others, including Doe’s neighbors.
  • Doe says he contacted hospital administrators in the fall of 2013 about the incident.
  • A letter, written in September 2013 by a Sherman Advocate privacy specialist, confirmed that Doe’s medical account had been improperly accessed and, more specifically, that Zagalak had viewed Doe’s records without authorization for approximately two minutes on Jan. 20.
  • The letter stated that Zagalak was no longer employed with the hospital.

According to a lawsuit filed May 9 in Kane County court, John Doe had “become a target for ridicule and hate crimes” and had been “ostracized by the community” because of the disclosure.

The Real Impact of Privacy Breaches

It’s stories like this that reveal the real impact of breaches to a patient’s privacy. These organizations were fined due to lost laptops with unprotected PHI. While the fines are disastrous, the real impact of these breaches to patient privacy is usually never known. Unfortunately it typically results in financial harm to a patient, or blackmail that damages their reputation.

Every organization that is responsible for handling patient information should take notice. By understanding the real impact of a breach to a patient’s privacy, we can prevent similar breaches from occurring. Policies must be put in place to prevent this type of privacy breach from ever occurring.

We're Integris. We're always working to empower people through technology.
