We do this by using examples of HIPAA violations to help our clients understand some of the concepts of HIPAA such as:
The bottom line is that HIPAA compliance is driven by the fear of financial penalties.
When we speak with representatives of various organizations about HIPAA compliance, the topics of fines, audits and the cost of breaches usually dominate the conversation. It seems that a large majority of organizations are driven by the fear of HIPAA penalties, rather than the fear of breaching patients’ privacy.
While this might not be true for all organizations, unfortunately fear of fines drives many to start thinking about HIPAA compliance.
When a real-life privacy breach hits the headlines, it’s important that you take a step back and use the information as a lesson learned to prevent similar breaches from occurring at your organization.
This is the perfect example of an individual who has had their privacy breached:
A man, identified as John Doe, who was HIV-positive, was admitted to Advocate Sherman Hospital. One of his neighbors, William Zagalak, looked up his medical record. Zagalak then told others that John Doe was HIV-positive. A lawsuit against Zagalak contends that, as a result of John Doe’s privacy breach, he was the target of ridicule and hate crimes, and was ostracized by his community.
The suit contends that William Zagalak, then a respiratory care specialist at Advocate Sherman Hospital in Elgin, looked up the man’s medical records without authorization, and shared that information with Zagalak’s wife, co-workers and neighbors. As a result, Zagalak no longer works at Sherman.
According to a lawsuit filed May 9 in Kane County court, John Doe had “become a target for ridicule and hate crimes” and had been “ostracized by the community” because of the disclosure.
The Real Impact of Privacy Breaches
It’s stories like this that reveal the real impact of breaches to a patient’s privacy. These organizations were fined due to lost laptops with unprotected PHI. While the fines are disastrous, the real impact of these breaches to patient privacy is usually never known. Unfortunately, it typically results in financial harm to a patient, or blackmail that damages their reputation.
Every organization that is responsible for handling patient information should take notice. By understanding the real impact of a breach to a patient’s privacy, we can prevent similar breaches from occurring. Policies must be put in place to prevent this type of privacy breach from ever occurring.