Re: HIPAA VIOLATION?

More | Report Post

I appreciate you quick response to my inquiry. I do see my
fault in this. I will contact my patients immediately. Do
you have any suggestions of how to word this notification?

On 9/14/08, Curmudgeon wrote:
> She may not be in compliance, but you are--by far--the more
> serious violator. It was your job to maintain the
> confidentiality of those records--to keep them secure. By
> allowing a stranger unfettered access to those records, you
> have breached your responsibilities. Have you notified all
> of your clients that you exposed their records to someone
> who had no medical need for access to them?
>
> On 9/14/08, Diane wrote:
>> I am the manager of a medical spa in California. We leased
>> out a room to an esthetician for one year. She had access
>> to our patient software program to schedule appointments.
>> She did perform treatments on approximately 30 patients.
>>
>> In May, she decided to open her own spa down the street.
>> I discussed with her our confidentiality agreement and
>> reminded her under HIPAA guidelines, she must not remove
>> any patient information without the patient's consent.
>>
>> We adhere to strict HIPAA guidelines. Every patient signs
>> the an agreement and is aware of their confidentiality
>> rights.
>>
>> I have just received complaints from several patients
>> forwarding an email they received from this esthetician
>> without verbal or written consent. This email is
>> advertising her new location and services.
>>
>> Is she out of compliance with regards to patients she has
>> not treated?
>>
>> Thank you.
>> Diane