The Implications of Divorce and HIPAA Violations

author by Joseph C. Maya on Jun. 26, 2017

Divorce & Family Law Divorce Health Care  Health Care Other 

Summary: A blog post about a recent case involving a divorce that caused a violation of HIPAA when an employee of a healthcare provider left behind classified patient information after a divorce.

If you have questions about divorce, legal separation, spousal HIPAA violations, or alimony in Connecticut, please feel free to call the experienced divorce attorneys at Maya Murphy, P.C. in Westport today at 203-221-3100 or email Joseph C. Maya, Esq. at JMaya@Mayalaw.com.

The Office of Civil Rights (“OCR”), a division of the Department of Health and Human Services, recently took the rare step of imposing civil monetary penalties against a large home health provider for violating the Health Insurance Portability and Accountability Act (“HIPAA”), highlighting the importance of developing written policies that meet the realities of how and where employees use documents with patients’ personal health information (“PHI”).

HIPAA creates privacy rights and protections for consumers of health services. To ensure these rights are protected, entities that possess and transmit PHI, defined as “covered entities,” are required to safeguard that information. Lincare provides respiratory care, infusion therapy and medical equipment to in-home patients. Because Lincare employees often traveled to patients’ homes, they routinely had to take protected health information into the field to perform their duties. However, Lincare also had a practice of requiring its employees to keep copies of documents containing PHI in their vehicles so that they could access the information if the physical office were destroyed or otherwise made inaccessible. These practices are not, in and of themselves, HIPAA violations. However, Lincare was required to develop and implement policies and procedures, in either written or electronic form, reasonably designed to protect its patients’ PHI while those documents were out of the office.

The problem is this case arose when a Lincare employee kept documents with PHI in her car even though she knew that her husband had keys to the car. The employee and her husband had a falling out. The employee moved out of her home and left her car – and the documents – behind. Months later, the husband reported to Lincare and the OCR that he had the documents. The OCR investigated and found that, while Lincare had a written policy designed to safeguard PHI within its offices, it did not have a policy addressing PHI taken into the field. Accordingly, OCR concluded that Lincare violated HIPAA and imposed a penalty of nearly $240,000.

Lincare contested the penalty to an Administrative Law Judge (“ALJ”), offering the defense that it was a victim of theft. Lincare claimed that the employee’s husband stole the documents and reported them to Lincare and OCR in an attempt to induce his estranged wife to return to him. The ALJ found this to be an ill-conceived defense because, assuming Lincare’s version of the breach were true, it was more damaging to their case. The ALJ noted that HIPAA required Lincare to take reasonable steps to protect PHI from theft and the alleged theft in this case only highlighted the fact that Lincare failed to adopt any policies and procedures to safeguard PHI taken into the field. Accordingly, the ALJ upheld the OCR’s penalty.

For covered entities, this case illustrates the importance of assessing the realities of how and where your employees use PHI. In a perfect world, PHI would never leave the safety of a locked file cabinet. In reality, employees often need to take PHI outside of the safety of the file cabinet or even the office to perform their duties. If a covered entity does not adopt written policies and procedures to address the realities of how and where PHI is being used, they may be risking significant civil penalties.

For a free consultation, please do not hesitate to call the experienced family law and divorce attorneys at Maya Murphy, P.C. in Westport, CT at 203-221-3100. We may also be reached for inquiries by email at JMaya@mayalaw.com.


Source: Martindale

Legal Articles Additional Disclaimer

Lawyer.com is not a law firm and does not offer legal advice. Content posted on Lawyer.com is the sole responsibility of the person from whom such content originated and is not reviewed or commented on by Lawyer.com. The application of law to any set of facts is a highly specialized skill, practiced by lawyers and often dependent on jurisdiction. Content on the site of a legal nature may or may not be accurate for a particular state or jurisdiction and may largely depend on specific circumstances surrounding individual cases, which may or may not be consistent with your circumstances or may no longer be up-to-date to the extent that laws have changed since posting. Legal articles therefore are for review as general research and for use in helping to gauge a lawyer's expertise on a matter. If you are seeking specific legal advice, Lawyer.com recommends that you contact a lawyer to review your specific issues. See Lawyer.com's full Terms of Use for more information.

© 2024 LAWYER.COM INC.

Use of this website constitutes acceptance of Lawyer.com’s Terms of Use, Email, Phone, & Text Message and Privacy Policies.