• Revenue Cycle Management
  • COVID-19
  • Reimbursement
  • Diabetes Awareness Month
  • Risk Management
  • Patient Retention
  • Staffing
  • Medical Economics® 100th Anniversary
  • Coding and documentation
  • Business of Endocrinology
  • Telehealth
  • Physicians Financial News
  • Cybersecurity
  • Cardiovascular Clinical Consult
  • Locum Tenens, brought to you by LocumLife®
  • Weight Management
  • Business of Women's Health
  • Practice Efficiency
  • Finance and Wealth
  • EHRs
  • Remote Patient Monitoring
  • Sponsored Webinars
  • Medical Technology
  • Billing and collections
  • Acute Pain Management
  • Exclusive Content
  • Value-based Care
  • Business of Pediatrics
  • Concierge Medicine 2.0 by Castle Connolly Private Health Partners
  • Practice Growth
  • Concierge Medicine
  • Business of Cardiology
  • Implementing the Topcon Ocular Telehealth Platform
  • Malpractice
  • Influenza
  • Sexual Health
  • Chronic Conditions
  • Technology
  • Legal and Policy
  • Money
  • Opinion
  • Vaccines
  • Practice Management
  • Patient Relations
  • Careers

Reporting privacy violations

Article

I'm part of a group surgical practice. After we dismissed one of our employed physicians, he accessed patient files from his home computer. Was this a HIPAA violation and, if so, whom should we contact to complain about his actions?

Q: I'm part of a group surgical practice. After we dismissed one of our employed physicians, he accessed patient files from his home computer. Was this a HIPAA violation and, if so, whom should we contact to complain about his actions?

A:To answer the first part of your question, Yes, this was probably a HIPAA violation. Once you dismissed the employed physician, he was no longer entitled to records that belong to the practice, unless patients specifically authorized that they be transferred to him. As for filing a complaint (there's no mandatory reporting requirement), contact the regional Office for Civil Rights, US Department of Health and Human Services, for your region. (To file a complaint online, go to http://www.hhs.gov/ocr/privacyhowtofile.htm, where a list of regional offices is included.)

There's another issue you should consider, however: Why was your former employee able to access practice records in the first place? And do you have appropriate security measures in place to prevent this kind of thing from occurring again? If the answer to the second question is No, take appropriate action to ensure that your medical record system is secure.

Related Videos
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health