Radiologists Behaving Badly
Two news items caught my attention today – both involved radiologists and HIPAA violations:
1. MORE DUMPED RECORDS: According to the report, a customer noticed 65 boxes of medical records, including social security numbers, in a dumpster at a storage unit facility. The records belonged to a radiology group that had disbanded, and ultimately failed to pay for continued storage of the records.
Take away points: Physicians are required to maintain the security and integrity of patient information, even in the event they are no longer treating those patients. We know from prior cases that the Office for Civil Rights (OCR) takes record-dumping cases seriously, having reached a resolution agreement earlier this year involving the dumping party paying $125,000. OCR has even prepared a resource, Frequently Asked Questions About the Disposal of Protected Health Information (.pdf).
2. LICENSING BOARD DISCIPLINE FOR PEEKING AT A MEDICAL RECORD: The second story led to multiple headlines about a radiologist being disciplined by the state medical board for a HIPAA violation. She admitted to accessing a physician colleague’s hospital record without authorization or a legitimate purpose, which is a violation of HIPAA’s Privacy Rule. However, having read the actual board order, there’s no mention of the federal HIPAA law. Rather, the board’s disciplinary action and resulting Consent Agreement are based on violations of the AMA’s Code of Ethics, which has been codified into her state’s law. The physician was officially reprimanded and her probationary terms included, among other things, that she delivers a written apology to the physician whose records she inappropriately accessed, and that she completes additional ethics training and submits to the board a report detailing the training and how she will apply it to her practice.
Take away points: Even physicians sometimes cannot resist the urge to inappropriately peek at medical records. Training is key – all individuals who have access to patient records need regular training to remind them of the laws that must be complied with and the significant consequences of violations. Also, physicians need to be concerned about more than just HIPAA compliance in terms of security and confidentiality. Breaches could also be violations of state law, which could result in investigation and discipline by a licensing board.
|Donna Vanderpool, MBA, JD – Vice President As Vice President of Risk Management, Ms. Vanderpool is responsible for the development and implementation of PRMS’s risk management services for The Psychiatrists’ Program. Ms. Vanderpool has developed expertise in the areas of HIPAA and forensic practice, and has consulted, written and spoken nationally on these and other healthcare law and risk management topics. She most recently wrote a chapter concerning the risks of harm to forensic experts for Robert L. Sadoff, MD’s book Ethical Issues in Forensic Psychiatry: Minimizing Harm, (Feb. 2011/Wiley). Ms. Vanderpool received her undergraduate degree from James Madison University, and her MBA and JD from George Mason University. Prior to joining PRMS in 2000, Ms. Vanderpool practiced criminal defense law, taught business and legal courses as an adjunct faculty member at a community college and spent eight years managing a general surgical practice in Virginia.