Re: HIPAA VIOLATION?

More | Report Post

She may not be in compliance, but you are--by far--the more
serious violator. It was your job to maintain the
confidentiality of those records--to keep them secure. By
allowing a stranger unfettered access to those records, you
have breached your responsibilities. Have you notified all
of your clients that you exposed their records to someone
who had no medical need for access to them?

On 9/14/08, Diane wrote:
> I am the manager of a medical spa in California. We leased
> out a room to an esthetician for one year. She had access
> to our patient software program to schedule appointments.
> She did perform treatments on approximately 30 patients.
>
> In May, she decided to open her own spa down the street.
> I discussed with her our confidentiality agreement and
> reminded her under HIPAA guidelines, she must not remove
> any patient information without the patient's consent.
>
> We adhere to strict HIPAA guidelines. Every patient signs
> the an agreement and is aware of their confidentiality
> rights.
>
> I have just received complaints from several patients
> forwarding an email they received from this esthetician
> without verbal or written consent. This email is
> advertising her new location and services.
>
> Is she out of compliance with regards to patients she has
> not treated?
>
> Thank you.
> Diane