6. Criminal Penalties
• When an individual or covered entity
knowingly violates HIPAA and discloses a
patient's private health information, they can
face up to $50,000 in fines and up to one year
in prison.
• When the offense is committed under false
pretenses, the penalties are higher. Up to
$100,000 in fines can be assessed, and
violators can spend up to five years in prison.
7. Privacy violation: Patient records
improperly disposed of
•Rite Aid Agrees to Pay $1 Million
to Settle HIPAA Privacy Case
•CVS to pay $2.25 million to settle
HIPAA violation
8. Where did the data end up: In a public dump
What information was revealed: Names, addresses,
dates of birth, Social Security numbers, insurance
information (including policy numbers), patient
identification numbers, as well as protected health
information such as diagnoses relating to pathology
tests
10. Where did the data end up: An auto shop
What information was revealed: Six patients' names,
dates of birth, and details about the visits
What makes this case special: Unlike so many other
examples, this breach of patient confidentiality was
accidental. A test fax should have been sent first.
12. Where did the data end up: A recycling center
What information was revealed: Names of patients, as well as their
addresses, phone numbers and medical record numbers all on printouts
Who was responsible: Hospital janitor Robert Sanders
What makes this case special: Sanders sold 30,000 patient record
printouts for $40
14. Who was responsible: Five nurses
What makes this case special: While no patient
names, photographs or identifying information
appear to have been used, according to the
hospital, management insisted on pursuing
termination hearings for the employees involved.
Where did the data end up:
16. Where did the data end up:
Facebook and in cell phone
photos
What went down: Pictures
were taken of an X-ray
Who was involved: Two
nurses employed by Mercy
Walworth
Response: The nurses were
fired.
17.
18. Instead of treating a 60-year-old stabbing
victim after his initial arrival at St. Mary
Medical Center's ER, nurses and other staff
took photos of the man and posted them on
Facebook, the Los Angeles Times reports.
19.
20. Oakwood Hospital Employee Fired for Facebook Posting”
“Nurses' jobs at risk for allegedly posting patient info on
Facebook”
“Hospital worker fired over Facebook comments”
“Single tweet by hospital employee to Mississippi governor
violates HIPAA and gets her fired”
“Nurses Fired Over Cell Phone Photos Of Patient”
United States Magistrate Judge Andrew J. Wistrich sentenced a former UCLA Healthcare System employee who admitted snooping at patients' records to four months in prison Tuesday, according to the U.S. Attorney's Office in the Central District of California.
Huping Zhou, 47, of Los Angeles, admitted to illegally reading private and confidential medical records, mostly from celebrities and other high-profile patients, the federal California attorney's office said in a release.
Wistrich condemned Zhou for his lack of respect for patient privacy, according to the release.
Breaches that affect more than 500 individuals must be reported to the OCR within 60 days of discovery
Patients must be notified in writing by SMC including a list of specific PHI items were involved/ Type of Breach
Our mitigation plan
And steps on how to protect themselves from adverse events such as identity theft
SMC must report to the local news media outlets
United States Magistrate Judge Andrew J. Wistrich sentenced a former UCLA Healthcare System employee who admitted snooping at patients' records to four months in prison Tuesday, according to the U.S. Attorney's Office in the Central District of California.
Huping Zhou, 47, of Los Angeles, admitted to illegally reading private and confidential medical records, mostly from celebrities and other high-profile patients, the federal California attorney's office said in a release.
Wistrich condemned Zhou for his lack of respect for patient privacy, according to the release.
Zhou is the first person in the nation to be convicted and incarcerated for misdemeanor HIPAA offenses for merely accessing confidential records without a valid reason or authorization, according to the attorney's office.
4 months in prison
The most severe penalty is given when a patient's private health information is disclosed for sale, transfer or use for commercial gain and malicious harm. Under these circumstances, violators can face up to $250,000 in fines and up to 10 years in prison.
What makes this case special: A photographer with the Boston Globe discovered the hospital records in a large pile at the public dump while getting rid of his trash.
United States Magistrate Judge Andrew J. Wistrich sentenced a former UCLA Healthcare System employee who admitted snooping at patients' records to four months in prison Tuesday, according to the U.S. Attorney's Office in the Central District of California.
Huping Zhou, 47, of Los Angeles, admitted to illegally reading private and confidential medical records, mostly from celebrities and other high-profile patients, the federal California attorney's office said in a release.
Wistrich condemned Zhou for his lack of respect for patient privacy, according to the release.
United States Magistrate Judge Andrew J. Wistrich sentenced a former UCLA Healthcare System employee who admitted snooping at patients' records to four months in prison Tuesday, according to the U.S. Attorney's Office in the Central District of California.
Huping Zhou, 47, of Los Angeles, admitted to illegally reading private and confidential medical records, mostly from celebrities and other high-profile patients, the federal California attorney's office said in a release.
Wistrich condemned Zhou for his lack of respect for patient privacy, according to the release.
United States Magistrate Judge Andrew J. Wistrich sentenced a former UCLA Healthcare System employee who admitted snooping at patients' records to four months in prison Tuesday, according to the U.S. Attorney's Office in the Central District of California.
Huping Zhou, 47, of Los Angeles, admitted to illegally reading private and confidential medical records, mostly from celebrities and other high-profile patients, the federal California attorney's office said in a release.
Wistrich condemned Zhou for his lack of respect for patient privacy, according to the release.
The incident began when a patient was admitted to the emergency room with an object lodged in his rectum. According to the police, the two nurses took pictures of the patient's X-ray when they learned that the object was a sexual device. One of the two allegedly posted a discussion about the incident on her Facebook page, though police haven't found anyone who saw the pictures, they said.