ADVANCE Perspective: HIM : privacy violations

FTC Probes CVS

Cheryl McEvoy — Fri, 06 Nov 2009 14:51:00 GMT

Your friendly neighborhood drug store--OK, more like the corporate colossus that runs it--is under investigation again. CVS Caremark Corp. announced yesterday that the Federal Trade Commission (FTC) is investigating the company's business practices, according...(read more)

Movies and Medical Records

Lisa Algeo — Tue, 03 Nov 2009 17:47:00 GMT

(Editor's note: The following blog was written by Mark McGraw, an associate editor on staff at ADVANCE .) It's movie night, and you're not interested in subtitles or surrealism. Maybe next week you'll go for the one with the "Winner: Best Foreign Language...(read more)

On the Record

Cheryl McEvoy — Wed, 30 Sep 2009 15:24:00 GMT

With all the prep for next week's American Health Information Management Association Convention and Exhibit and our HIM Team of the Year coverage (Yes, we have a winner!), I've been neglecting my Google Alerts. Well, I found some time this morning to...(read more)

HHS Releases Breach Notification Final Rule

Cheryl McEvoy — Thu, 20 Aug 2009 13:41:00 GMT

The Department of Health and Human Services (HHS) has released a final rule on breach notification requirements for covered entities (CEs) and business associates (BAs). Published in the Federal Register , the rule dictates proper procedure for responding...(read more)

Registry: Child's Play?

Cheryl McEvoy — Thu, 06 Aug 2009 14:43:00 GMT

Call me a bandwagoner, but I just started reading Julie and Julia (Quite frankly, I'm just a wannabe foodie who wanted something to breeze through after being semi-forced into reading a 500-page sci-fi book). I was poring through Julie Powell's witticisms...(read more)

Privacy Problem Causes Real-Life Drama

Cheryl McEvoy — Tue, 21 Jul 2009 13:14:00 GMT

There's been quite a buzz at ADVANCE headquarters about the television phenomena "Nurse Jackie" and "HawthoRNe." Staffers wonder: is it realistic , do nurses approve of the portrayal and--at least around the HIM desk--how many HIPAA violations can they...(read more)

HIPAA be damned?

Lynn Jusinski — Tue, 14 Jul 2009 12:05:00 GMT

[Editor's note: This is a guest blog by ADVANCE for Nurses editor Lyn A.E. McCafferty, who contributes to the "ADVANCE Perspective: Nurses " blog featured on the ADVANCE for Nurses Web site.] If you think the fictional Nurse Jackie and HawthoRNe are bad...(read more)

Malicious Use of PHI Lands Woman in Jail

Lynn Jusinski — Thu, 11 Jun 2009 19:02:00 GMT

In a strange case of Internet harassment involving personal health information (PHI), a woman finds herself facing a year in prison for what a judge called "egregious" behavior, according to the Honolulu Advertiser. Rhonda Wong-Fernandez was sent immediately...(read more)

Suleman’s Records Accessed; 15 Employees Fired

Lynn Jusinski — Tue, 31 Mar 2009 15:18:00 GMT

I had a feeling when the Octomom story hit the wire and all the details spilled out that someone would be caught sneaking a peek at her medical records. Sure enough, 15 workers were fired for looking at the records of Nadya Suleman without permission....(read more)

A Dose of Reality

Cheryl McEvoy — Thu, 26 Mar 2009 13:58:00 GMT

Thanks to Obama's rah-rah health care reform, the general public is turning an ear to EHR. But what exactly are they hearing? At first mention of EHRs in the stimulus package, news outlets swooped in with the "revolutionizing health care" angle. A national...(read more)

Harsher HIPAA Might Not Hurt

Cheryl McEvoy — Thu, 19 Feb 2009 17:42:00 GMT

As health care advocates and political pundits commend, tank or simply expound upon privacy provisions in the stimulus package, this morning's Google alerts remind us why HIPAA is oh-so-important in the first place.

CVS Caremark Corp. has agreed to a record $2.25 million settlement following an investigation into its handling-or rather, disposal of-private patient information. Fueled by reports from an Indianapolis news station that employees were dumping pill bottle labels that contained private health information, the Department of Health and Human Services and Federal Trade Commission launched a probe into the company's practices. Investigators concluded that CVS failed to teach or follow proper protocol for disposing records that contained customers' personal information.

In addition to the settlement, CVS must implement a "robust corrective action program" over the next 3 years to meet and maintain HIPAA standards. The company also is required to monitor compliance for the next 20 years.

But as one door closes, another door opens. This time, it's 1,000 records that have jumped the threshold into public domain.

According to the Albany Times Union, a security snafu at a North Carolina transcription company left detailed patient records posted on the Internet. The records have been removed from the site, but through the magic of Google archiving, a curious info-monger could still find the records online as of yesterday, according to the report.

The posted records include about 1,000 patients who visited an Albany orthopedic practice from March through August of last year, and 300 of those include "detailed narratives," the report stated. The practice had been using the North Carolina company for transcription services.

Fines could reach up to $25,000 per violation; if criminal intent is identified, charges could bump to $250,000 and up to 10 years in prison, according to the report.

Ah, there's nothing like the warm and fuzzy feeling you get wondering if a Web trawler enjoys reading about the side effects of your back pain prescription.

No Pictures, Please!

Cheryl McEvoy — Wed, 24 Sep 2008 13:22:00 GMT

This week’s top story on the Web, “LA Confidential,” addresses the new fascination with celebrities becoming patients. Now the lens is turning on us; patients are becoming celebrities, and they’re not exactly basking in the spotlight.

With the rising popularity of YouTube, MySpace and other social networking sites, cell phone cameras are becoming the tool du jour in documenting everyday real-life. The University of New Mexico Hospital, however, is facing a backlash from the trend; a slew of privacy concerns were raised after amateur paparazzi—who also worked at the hospital—photographed patients who were waiting for treatment.

According to reports, the hospital employees used the unauthorized photos to jazz up a MySpace page. (Who wants to network with someone who posts photos rivaling scenes from “House,” I’m not quite sure.) Needless to say, the hospital terminated their employment.

This isn’t the first time it’s happened either; Tri-City Hospital in Oceanside, CA and UCLA’s neuropsychiatric hospital dealt with similar privacy violations involving cell phone cameras and laptops.

But will hospital-wide bans on such technology help? Cell phones are virtually glued to our hands, and with models approaching the size of a paper clip and skilled users who can send texts from their pockets, they’re becoming even more difficult to detect. Without a precedent, hospitals are struggling to anticipate violations that range as wide as technology and (creepy) creativity can go.

Never mind the $299 price tag; the real cost of these modern conveniences is our privacy.