The plaintiff is asking for punitive and compensatory damages exceeding $10,000 from each defendant, as well as a restraining order and injunction preventing the defendants from disclosing or disseminating any of her confidential health records.Patient Privacy Auditing Stops Lawsuits and Fines
Separately, the former patient filed a HIPAA Privacy Rule complaint with the U.S. Department of Health and Human Services Office for Civil Rights (HSS/OCR). A subsequent patient privacy audit did not show any hospital employees had inappropriately accessed the patient's electronic medical records (EMR). "We comply with federal laws that require healthcare providers to have the ability to produce audit trails for access to patient records,” said a hospital spokeswoman.
Can you cost effectively audit ePHI across all systems and devices containing ePHI?While Federal investigators found no violation, the hospital has agreed to provide training on safeguarding the privacy of electronic health records (EHR) to the employees in the departments covered by the complaint.
Download a white paper on patient privacy auditing as a service. Learn how an on-demand, pay-per-use service can cost effectively address HIPAA/HITECH privacy objectives - with no hardware and no on-site software.
NEW DEVELOPMENTS IN THIS CASE (a)
The investigation into this violation of patient privacy rights at the hospital has been reopened by the U.S. Department of Health and Human Services Office for Civil Rights. Asked about the reopened investigation the hospital spokesperson said, “We will fully cooperate with the Office of Civil Rights and actively assist them throughout this investigation.”
“Our employees and physician partners each take our obligation to protect every patient’s privacy seriously,” - Hospital spokesperson.Sources:
(a) Federal agency reviews hospital complaint - salisburypost.com, February 2, 2011
(b) Hospital named in complaint over privacy - salisburypost.com, January 8, 2011