An Ohio radiologist is facing disciplinary actions from the state medical board after she reportedly committed a HIPAA violation.
Dr. Aimee Hawley unlawfully accessed a colleague’s medical record, according to a DOTmed News article, and her medical license is now on probation. However, Hawley will still be able to practice medicine during her probation period.
“No one can access a patient’s medical records unless they are a treating or consulting physician or have permission from the patient,” Joan Wehrle, education & outreach program manager at the State Medical Board of Ohio, told the news source, adding that this is a learning opportunity for all caregivers.
Wehrle added that the source of the complaint is protected and confidential.
Hawley is required under the consent agreement to comply with a reprimand and probationary punishment, according to DOTmed. The agreement states that Hawley “intentionally accessed the electronic medical records of a physician colleague (and) further admits that she was not a treating physician, nor was she asked to consult, or provide diagnostic service.”
Hawley must also agree to certain terms under the consent agreement:
- Quarterly declarations to confirm compliance
- Face-to-face meetings as requested by the medical board
- Attend medical ethics training, including submitting a written report on what she learned
- Write a letter of apology to her physician colleague
Employees inappropriately accessing patient records is unfortunately not a new scenario. Toward the end of last year, an Indiana Court of Appeals upheld the ruling that Walgreens can be held liable for its employee being part of HIPAA violations.
In that case, a Walgreens pharmacist allegedly inappropriately accessed a woman’s prescription data and exposed it to her husband. A six-person Indiana jury awarded the woman $1.44 million from that health data breach. The plaintiff argued that Walgreens hadn’t done enough to properly train and supervise its employee on protecting patient data and that the employee hadn’t done her job to secure that data.
“By choosing to appeal, Walgreen has now created a precedent,” according to prosecuting attorney Neal Eggeson Jr. “Confirming that privacy breach victims may hold employers accountable for the HIPAA violations of their employees.”
In a February interview with HealthITSecurity.com, Marty Edwards, MS, CHC, CHPC, Compliance Officer at Dell Services Healthcare and Life Science division, also touched on this topic. Edwards explained that “the human factor” is critical for any healthcare organization, and that a lack of knowledge about HIPAA could be harmful.
“You have to keep in mind that all the users that have access to that data have a role or responsibility, and are using that information for a specific purpose,” Edwards said. “So it’s up to those users to make sure that they follow the necessary processes, procedures and policies in place for the disclosure of that information.”
Facilities must ensure that all employees understand what the Privacy and Security Rules are about, and also understand their obligations as staff members. Moreover, covered entities should teach employees how to tie those obligations back to existing practices within the organization.
View the original content and more from this author here: http://ift.tt/1I9fLtO
from health IT caucus http://ift.tt/1I9fHdx
via IFTTT
No comments:
Post a Comment