Secure PHI using Mediprocity HIPAA compliant solution
Looking at negligence in the healthcare workplace, a recent lawsuit that was decided in the Connecticut Supreme Court 'Byrne v. Avery Center for Obstetrics and Gynecology, P.C. (2014) (The 'Byrne Case') sheds a bright light on a breach.
The case discussed an action of negligence from a health care provider's breach of a patient's privacy that was not preempted by Health Insurance Portability and Accountability Act of 1996 (HIPAA). This case decision was a reverse from a previous trial decision, which resulted in "Mr. Byrne's state law claims for negligence and negligent infliction of emotion distress preempted by HIPAA."
This case has very specific issues and would not be a blanket for all healthcare covered entities or business associates. But, what it does show is that one of the highest courts in a state agreed that the plantiff did suffer harm from the breach. Even though the physician office took steps to inform the patient and comply with HIPAA, it did have a breach and those steps did not protect the entity from the lawsuit.
In the end, all covered entities and business associates should be aggressive in their approach to Patient Health Information. They are simply the stewards of this information and do not own it. Many in the healthcare space for years have felt some sort of authority over these records, however, that authority only lies with a patient.
- If you are communicating patient information with other healthcare professionals using electronic devices you must encrypt.
- If you are sharing patient information documents with other healthcare professionals you must encrypt.
- Never share a patient's medical record without notifiying the patient of the third party request, getting the patient's approval.