HIPPA violation

[WDWMom]

Dh received a phone call yesterday from a physican from our local hospital that some correspondences he was supposed to get were mailed to another person with the same name. There were at least 2 that this other man received. The hospital has to notify DH by mail apologizing for the error. Now there was nothing in those letters that would make a difference to any one or to DH. He has had some billing issues with the hospital is already mad at them and wrote a letter to the hospital president. Now he finds out about the HIPPA violation. Not that he plans on doing anything, cause really, there is nothing damaging, but what does the hospital legally have to do. Do they have to report it to anyone else? Do they get in some trouble from some government agency? We are just wondering? Anyone know?

 

[C.Ann]

I don't really know, but when my adult DD requested copies of all of her medical records from a former doctors office due to an issue she was having with them at the time, they were delivered to her house - in a box - tossed on the front lawn - where anyone could have picked them up and walked away with them.. And this was after she was told by the office that she would have to be home to "sign" for them..

 

[dejr_8]

HIPAA (the "privacy" part) is a complete joke that just makes medicine more expensive.

 

[C.Ann]

HIPAA (the "privacy" part) is a complete joke that just makes medicine more expensive.

I agree.. It's not followed nearly as much as they would have you believe..

 

[Abbie]

Dh received a phone call yesterday from a physican from our local hospital that some correspondences he was supposed to get were mailed to another person with the same name. There were at least 2 that this other man received. The hospital has to notify DH by mail apologizing for the error. Now there was nothing in those letters that would make a difference to any one or to DH. He has had some billing issues with the hospital is already mad at them and wrote a letter to the hospital president. Now he finds out about the HIPPA violation. Not that he plans on doing anything, cause really, there is nothing damaging, but what does the hospital legally have to do. Do they have to report it to anyone else? Do they get in some trouble from some government agency? We are just wondering? Anyone know?

I don't think the hospital is "required", at least by federal law, to do anything. Contrary to popular belief, hipaa regulations are open to some interpretation and providers are required to make "reasonable" efforts to protect information.

Is there something in particular you want the hospital to do? It sounds like a simple mistake was made and no harm was done.

 

[MaryAnnDVC]

I'm not sure what the hospital might have to do, like report it to some agency , but I understand wanting to know. My DD was in the ER a few months ago, and at one point we got a diagnosis, plans were made to admit her and treat her, and then before anything was done, it was discovered that they mixed her up with another patient. No harm done, the doctors apologized profusely, and we were relieved it wasn't HER diagnosis. However, we did wonder if it was reported to __________?? Some department in the hospital, or some agency, because IMHO they SHOULD be looking at why it happened, how it happened, and how to prevent it from happening again.

Another time I picked up a prescription at the Pharmacy, and days later when I needed it and opened the bottle, there were larger pills than I had had in the past. Turns out it was the correct medication but 4 times the dose. I noticed right away, but what if someone hadn't? (My mother was prescribed twice the dose I take, and had to stop because they made her light-headed and off balance...not good for an 87 year old woman with walking issues anyway.) Do I want compensation? Of course not...I didn't take them, and no harm done. But they did say that it would be "reported" (at least within the pharmacy co)...whether it was or not, I don't know.

The reason things should be reported is to prevent something potentially more harmful from happening. The next time, private information that gets into the wrong hands could do a lot more damage. So maybe the OP's particular situation didn't do any damage to their privacy, the error, IMHO, should need to be reported so that at the very least, the hospital is on alert to prevent it from happening again.

 

[ecuagoddess]

The hospital has completed its legal requirements by notifying him of the breach. If this breach affected more than just your DH and this man, (say 50 or more people) then they would have more notification requirements (newspaper items, story on the local news, info on their website) depending on how many were affected. Legally, they are fine.
HIPAA is something we take very seriously at my workplace, I'm sorry to see comments about it not being enforced or seen as a money-maker somehow.

 

[dejr_8]

The hospital has completed its legal requirements by notifying him of the breach. If this breach affected more than just your DH and this man, (say 50 or more people) then they would have more notification requirements (newspaper items, story on the local news, info on their website) depending on how many were affected. Legally, they are fine.
HIPAA is something we take very seriously at my workplace, I'm sorry to see comments about it not being enforced or seen as a money-maker somehow.

I was not implying that it is a money maker for anyone. I am stating that it adds to the cost of medical treatment with little to no real added value. It is more paper work for an industry that is already inundated with forms.

 

[LilyWDW]

I don't really know, but when my adult DD requested copies of all of her medical records from a former doctors office due to an issue she was having with them at the time, they were delivered to her house - in a box - tossed on the front lawn - where anyone could have picked them up and walked away with them.. And this was after she was told by the office that she would have to be home to "sign" for them..

If the papers were mailed or sent UPS/Fed EX it is more the possible that THEY were the ones who didn't follow directions. I won't go into the LONG list of things that were left at my door when they were supposed to be signed for. It has happened more then a few times.

 

[CF'er]

It is my understanding that my hospital can be fined up to $10,000 for each violation. We take hippa very seriously.

 

[ecuagoddess]

I was not implying that it is a money maker for anyone. I am stating that it adds to the cost of medical treatment with little to no real added value. It is more paper work for an industry that is already inundated with forms.

Now I understand what you mean- thank you for clarifying.

 

[KPeterso]

My company takes Hippa very seriously too. We just got dinged big time on something. Our requirements are to investigate the breach internally, then report to the Privacy Office, who then takes the next steps. It will involve member notification as needed. I believe we do have to track these things and notify CMS of privacy cases. Privacy office requests are currently overwhelming my department, and we do not have the resources for all the inquiries that come our way. But they get done and reported because we do not want to be out of compliance.

 

[msmayor]

Meh...some follow very strict, others don't.

My DH's health insurance customer service is VERY strict about making sure nothing is released without permission. My DH signed and faxed a letter into his file giving permission to release any and all information about our health insurance plan including claims information to me. Every single time I call in, I am put on hold after I tell them there is a letter on file...they have to double-check and make sure that I'm not fibbing.

Now my daughter's doctor? Different story. She's almost 19, so an adult and entitled to privacy of her own under HIPPA. However, because she's a college student and DH and I provide the insurance coverage and pay the bills, she wants me to have access to her information. This also helps if something comes up while she's at school; I can handle any inquiry/problem from here at home.

At her visit a couple of weeks ago, she indicated she wanted to give permission for them to discuss anything/everything with me. She had to write that statement on her HIPPA release, and we both had to sign it in front of them.

Well wouldn't you know...they called three days later and my daughter wasn't available, and had a message for her. I asked what it was, and they wouldn't tell me. I then informed the nurse that my daughter had signed her HIPPA form as requested so information could be released to me. Did she check? Doubtful, as she replied "Well, I guess I'll have to take your word for it. This is what she needs to do....."

"Take my word for it"?? Go figure.

 

[bicker]

Is there something in particular you want the hospital to do?

That's critical. The system is sound, despite some of the curmudgeonly comments above, but it relies on patients reporting violations when they occur, and pushing to assert their rights.

 

[WDWMom]

Thanks for the feedback. The hospital mailed the letters to the wrong person with the same name, same town. Different streets. Not sure on the birthdates. We do not have a common last name, but DH has a common first. At this point we just wanted to know what the hospital legally has to do out of curiousity. PLus, they didn't believe him when he told them he wasn't getting the letters and now they know why - and it's their fault.

 

[LoriABil]

I agree with others: you need to report it so this doesn't happen to someone else! We take HIPPA very seriously, too. (even if it is a pain in the you-know-what). They will be fined, most likely.

But did the papers have anything like his social security number on it? There are new "red flag" laws that they may have violated as well.

You said your dh is having billing issues with this hospital. Makes me wonder if they are billing him for "same name, wrong street" guys services?

 

[Bren's Mom]

FYI for all of you who work in a hospital/doctor's office/other organization that requires you to be in complainance with HIPAA...

It's HIPAA not HIPPA.

Health Insurance Portability and Accountability Act (HIPAA)

 

[dejr_8]

FYI for all of you who work in a hospital/doctor's office/other organization that requires you to be in complainance with HIPAA...

It's HIPAA not HIPPA.

Health Insurance Portability and Accountability Act (HIPAA)

I wanted to point that out as well. For something that some seem so concerned about they don't even know the appropriate abbreviation.

 

[WDWMom]

I agree with others: you need to report it so this doesn't happen to someone else! We take HIPPA very seriously, too. (even if it is a pain in the you-know-what). They will be fined, most likely.

But did the papers have anything like his social security number on it? There are new "red flag" laws that they may have violated as well.

You said your dh is having billing issues with this hospital. Makes me wonder if they are billing him for "same name, wrong street" guys services?

No the billing issues are DH's. The short story is his doc wanted him to go down for an EKG (office is in hospital) and then the ER treated him like he was having a heart attack because the doc never called down to let them know the EKG was for "just in case" even though no one really thought he was having an attack. DH has been fighting the charges because he kept telling them not to do things like take blood, give O2, and so on because they really didn't think it was a HA, doc was just covering his butt. DH had an ear infection and upper respitory infection. They couldn't find a razor in the office to shave his chest so the EKG in office wasn't working well. Never needed any of it. Over $2000 just for a stupid ear infection/dizziness that lead to miscommunication. Bill has been adjusted BTW. We are now only paying for EKG (because DH agreed to it) and none of the ER bill (because he didn't agree to it).

DH received a letter yesterday with no SS # so I hope none of the ones that went to the other person did. I guess we should check.

Who would we notifiy about the HIPAA violation??? thanks again.

 

[chloelovesdisney]

No the billing issues are DH's. The short story is his doc wanted him to go down for an EKG (office is in hospital) and then the ER treated him like he was having a heart attack because the doc never called down to let them know the EKG was for "just in case" even though no one really thought he was having an attack. DH has been fighting the charges because he kept telling them not to do things like take blood, give O2, and so on because they really didn't think it was a HA, doc was just covering his butt. DH had an ear infection and upper respitory infection. They couldn't find a razor in the office to shave his chest so the EKG in office wasn't working well. Never needed any of it. Over $2000 just for a stupid ear infection/dizziness that lead to miscommunication. Bill has been adjusted BTW. We are now only paying for EKG (because DH agreed to it) and none of the ER bill (because he didn't agree to it).

DH received a letter yesterday with no SS # so I hope none of the ones that went to the other person did. I guess we should check.

Who would we notifiy about the HIPAA violation??? thanks again.

Google report HIPAA violation, the instructions are easy to follow.