HIPAA prosecution targets AR clinic's employee
A new HIPAA criminal case suggests that healthcare organizations may be not criminally liable for employee disclosures of protected health information if they have strong protections in place or are unaware of an employee's behavior. In the case, believed to be only the fourth criminal case pursued under HIPAA, a clinic nurse with the Northeast Arkansas Clinic pled guilty to wrongfully disclosing a patient's PHI and using it for personal and malicious intent. Andrea Smith admitted that she accessed a patient's medical file and shared it with her husband, who planned to use the information in an upcoming legal proceeding. Now, Smith faces up to 10 years in prison, $250,000 in fines or both. She was also terminated from the clinic when it found out about the breach. Legal observers had assumed, under previous Department of Justice guidelines issued in 2005, that the clinic would be liable for the actions for employees like Smith.
To learn more about this story:
- read this AMNews piece
Related Articles:
HHS plans surprise HIPAA audits
Over-applying and misapplying HIPAA is common
Few HIPAA complaints pursued
HIPAA violations not drawing fines
Be the first to comment
Comments
Post new comment
Paid Research Reports
- Stakeholder Opinions: Percutaneous Coronary Intervention - Adverse events with drug-eluting stents demand a new safety standard
- Impact of Pharmacogenomics on Public Healthcare Policy
- The Cardiovascular Disorders Market Outlook to 2012
- 2008 Trends to Watch: Pharmaceutical Technology
- Pharmaceutical Pricing and Reimbursement: Strategies for market access across the US, Europe, Japan and other key geographies