Monday is Blog Carnivals Day. A Blog Carnival is basically a collection of articles or blog posts, all relating to a similar subject, that are gathered together for your viewing pleasure. You can quickly and conveniently see a list of Article Titles a…

Es wäre vermessen, die USA als "Testregion" zu bezeichnen. Immerhin haben sie dort etwas mehr praktische Erfahrung im Umgang mit EMR (hierzlande gern als eEPA bezeichnet) sammeln dürfen. Und soo weit sind wir hierzulande noch gar ni…

For example, would you go to see a physician if you knew he had a pre-existing medical condition that might affect your treatment or perhaps affect him during a surgical case?

Are you seriously suggesting that a physician has a right to hide the fact that he has a medical condition that might harm a patient during surgery?

The hospital was required to provide a Notice of Privacy Practices to the patient at the time he was admitted, assuming he had not also been admitted previously (i.e., between April 2003 and now). It should have contained the process for him or his designees, in this case his family members, to file a privacy complaint with the hospital. Even if he was admitted emergently, the hospital’s requirement was to get the Notice to him as soon as it was medically practical for them to do so; they could also have provided the Notice to his family members.

The family should have immediately contacted the hospital’s HIPAA Privacy Officer (the hospital is required by statute to have one). If the Privacy Officer did not immediately ensure that the kibosh was put on what was going on, the family should have contacted senior staff (CEO, Sr VPs, etc.) and complained. Of course, they may not have known this if they were never provided with the Notice of Privacy Practices, or didn’t have the time to read it.

The Privacy Officer should have contacted the hospital’s HIPAA Security Officer (again, the hospital is required to have one), who should have immediately started utilizing whatever process the hospital has in place to track hospital system users, so that the snoopers could have been caught in the act and disciplined immediately.

The family have up to six months from the time of the privacy breaches to file an official complaint against the hospital with Health & Human Services, and as a HIPAA patient advocate I strongly encourage them to do so. The process is relatively quick and painless: http://www.hhs.gov/ocr/hipaa — the complaint form can be found on this page. I encourage the author of this blog to follow-up on this with the patient and/or his family. HHS has received 40,000+ privacy complaints since April, 2003, and yet has fined only ONE hospital in 5+ years. Hospitals such as this one will continue to allow patients’ privacy rights to be violated unless and until active complaints are received.

I also encourage the patient or his family members to contact the senior leadership of this hospital and let them know that the family will be filing a complaint with HHS. They should include in the letter their expectation that the hospital will take steps to stop this type of occurrence both with members of its workforce as well as all privileged providers who may or may not be staff members.

I am establishing a patient advocacy practice specifically to deal with HIPAA Privacy & Security issues — for exactly the reasons as stated in this blog — patients and their families do not know their rights regarding their privacy and the security of their healthcare information.

I hate to tell Hipaa, but the common people and doctors want the same enforcement of the law that is provided for celebrities!

This is infuriating!