Violation of HIPAA’s privacy laws could mean prison time
TRENTON, N.J. — Nowadays, invasion of one’s privacy is more accessible given the growth of social media and electronic devices everywhere; and this means greater protection for personal information.
Hackers and identity thieves are inquisitive about the sources to personal information that they can find. Employees working at healthcare facilities are also held accountable for protecting the privacy of patients they care for. Patients’ privacy is protected by the Health Insurance Portability and Accountability Act, (HIPAA), that was “born out of a statute in 1996,” said Stephen Miller, chief compliance officer at Capital Health System Regional Medical Center.
Miller said this Act covers several regulations, but only one part of it covers privacy information about patients. Congress directed The Department of Health and Human Services to create the HIPAA laws. It was a broad piece of legislature that covered various regulations. One part of it had to do with disclosure and privacy, said Miller.
The HIPAA has a set of rules about privacy that, “tell healthcare providers how they can use information about their patients and with whom and under what circumstances they can share information about patients,” he said.
Miller explained that this law created at “floor”. “It created a floor–single set of rules that no matter where you go in the county you know if you see a healthcare provider: if go to a doctor, you go to a hospital, if you go to a nursing facility or a physical therapist, and give them information about yourself, you know there are certain things they are allowed to do with that information. There are certain things they are not allowed to do with that information. And there are certain ways they have to protect that information,” he said.
The reason we call that a floor because the law says you must at least follow these rules. States can pass their own laws and they can make them more protective of patients, but you have to at the minimum follow those rules nationally, Miller continued. “It created best-practice in a way for protecting information about patient,” he said.
Often times, when the HIPAA rules are broken, it has to do with identity theft, said Miller. He told of an incident, where employees were hacking into computers and stealing the identity of their cancer patients who were terminally ill. They wanted to get credit cards in their names.
However, breaching HIPAA privacy laws was not a prison term violation until recently. Huping Zhou, “former University of California at Los Angeles [UCLA], Healthcare System research assistant, was sentenced to four months in prison after admitting he illegally read private electronic medical records of celebrities and others,” writes Howard Anderson of The Security Scrutinizer.
As Miller points out, it is easier for hackers; HIPAA violators and other identity thieves to leave a building with laptop under their jacket or a thumb drive in their pockets. Some individuals are even using cell phones to invade the privacy of others, by taking photos or recording conversations. Therefore, we need greater protections for information on these electronic devices.