HIPAA Liability More than Meets the Eye

by Dr. Arnold Rosenbaum, Seacrest DocSecurity

Published by Health-IT World. Copyright © 2005. Reprinted with permission.

The HIPAA legislation presents a new and serious risk to all entities handling protected health information. The federal penalties for HIPAA breaches have been listed and, although severe, pale in comparison to the financial liability exposure presented by the possibilities of leaked, misplaced, unsecured, or Internet-hacked information.

There is a widespread misunderstanding that malpractice and professional liability coverage includes the privacy and security issues raised by HIPAA.

Are You Covered Against HIPAA Lawsuits? Probably Not!

Physicians and providers are not protected from civil HIPAA litigation by their standard malpractice, errors and omissions, or general liability policies.

Even worse, prominent personal injury attorneys have indicated that lawsuits arising from the inadvertent or purposeful release of protected health information will be a significant component of their practices. As of August 2003, there are already 12 ongoing legal cases in the U.S. involving protected health information damages.

One such example is a case against Easton Hospital in Easton, Pa. Medical records with lab reports, drug reports, and doctor's examination notes were found on the streets of Allentown, Pa. All of the records had patient names and many included addresses and phone numbers. Officials at Easton Hospital determined the disclosure was due to poor security at the hospital, and litigation is under way. Cases like this are beginning to crop up around the country.

Protect Yourself and Your Practice

Many physicians and various entities consider themselves to be compliant with HIPAA regulations when in fact they are not. Taking a simple course or reviewing information provided by a state medical society does not in and of itself provide the required level of HIPAA compliance. Proper background checks must be performed, electronic data transmissions must be secured, and records, fax machines, and computer terminals must be kept securely locked.

To protect against this new, serious liability threat, best-practice procedures of full compliance, with documentation and purchase of insurance for protection, are required. A thorough compliance package should include needs assessment, gap analysis, HIPAA training, secure networks for electronic data transmission, onsite and offsite paper and digital data storage, background checks, and data recovery services. Without the necessary steps, and without insurance protection, providers are opening themselves up to the potential for civil lawsuits. Providers beware: They can take your personal assets -- they can even take your boat!

Dr. Arnold Rosenbaum is CEO and medical director for Seacrest DocSecurity, as well as a practicing surgeon with a Providence, R.I., practice. He can be reached via e-mail at asr@seacrestdocsecurity.com.
