How are hospitals complying with patient medical record requests? Not well, study finds

https://www.beckershospitalreview.com/legal-regulatory-issues/how-are-hospitals-complying-with-patient-medical-record-requests-not-well-study-finds.html

Most hospitals were found to be noncompliant with federal and state regulations when completing patient medical records requests, according to a study published in JAMA Network Open.

Through a simulated patient experience, researchers analyzed 83 U.S. hospitals across 29 states that maintained independent medical records request processes and medical records departments reachable by telephone. The hospitals were among the top 20 hospitals for each of the 16 adult specialties in the 2016-17 U.S. News & World Report Best Hospitals National Rankings.

Under HIPAA, patients have a right to access their protected health information. Federal law requires that medical record requests be fulfilled within 30 days of receipt, in the format the patient requests and for a fair cost to the patient.

Information on records request authorization forms differed from that obtained from patient telephone calls in terms of requestable information, formats of release and costs, according to the researchers. Additionally, 8 percent of hospitals were noncompliant with state requirements for processing times.

On telephone calls, all 83 hospitals said they were able to release entire medical records to patients, but on the forms, fewer than 9 hospitals (11 percent) provided the option of selecting one of the categories of requestable information, such as laboratory test results, medical history and discharge summaries, and only 44 hospitals’ forms (53 percent) gave patients the option to acquire the entire medical record.

There were also differences between the formats hospitals said they could use to release information. On telephone calls, 83 percent of hospitals stated they would allow the patient to pick up their records in person, compared with 48 percent of forms listing this option. Forty-seven percent of hospitals indicated they could email patients their records when patients asked on the telephone calls, while only 33 percent of hospitals’ forms listed email as an option.

The researchers also identified 48 hospitals that charged well above the federal government’s recommendation of $6.50 for electronic records — charging as much as $541.50 for a 200-page record.

“Requesting medical records remains a complicated and burdensome process for patients despite policy efforts and regulation to make medical records more readily available to patients,” the study reads. “As legislation, including the recent 21st Century Cures Act, and government-wide initiatives like MyHealthEData continue to stipulate improvements in patient access to medical records, attention to the most obvious barriers should be paramount.”

Hospital ER worker fired for allegedly selling patient records

https://www.beckershospitalreview.com/cybersecurity/kings-county-hospital-er-worker-fired-for-allegedly-selling-patient-records.html

An employee at Kings County Hospital’s emergency room stole nearly 100 patients’ private information and sold it through an encrypted app on his phone, according to New York Daily News.

Orlando Jemmott, 52, has worked at the city-run Brooklyn hospital for more than 10 years, where he was in charge of charting patient demographic data into the hospital’s computer system. But between December 2014 and April 2015, he allegedly sold patient data to Ron Pruitt, 43, a buyer in Pennsylvania.

FBI agents arrested Mr. Jemmott in February after receiving a tip in June 2017. A tipster told the FBI she had learned two years earlier that Mr. Jemmott was stealing and selling health records.

Hospital officials told the publication that Mr. Jemmott sold the names of 98 patients, and he accessed the private health records of at least 88 of those patients.

Kings County fired Mr. Jemmott in April. He has been negotiating a plea deal with prosecutors since.

“We have zero tolerance for anyone who intentionally violates our patient privacy rules,” Kings County Hospital CEO Sheldon McLeod said in a written statement to the New York Daily News. “The privacy of patient information is an important foundation for the care we provide.”

Memorial Healthcare Systems to pay $5.5M over potential HIPAA violations

http://www.healthcaredive.com/news/memorial-healthcare-systems-to-pay-55m-over-potential-hipaa-violations/436400/

Dive Brief:

  • Memorial Healthcare Systems has paid HHS $5.5 million to settle potential HIPAA violations, HHS disclosed on Thursday.
  • The six-hospital nonprofit system disclosed to HHS’ OCR that 115,143 individuals’ protected health information (PHI) had been impermissibly accessed by employees and impermissibly disclosed to affiliated physician office staff.
  • The settlement comes weeks after Children’s Medical Center of Dallas was fined $3.2 million over HIPAA violations.

Memorial Healthcare System provided Healthcare Dive the following statement on the subject:

It’s important to put this settlement in perspective to the fact that this situation happened six years ago, and that Memorial Healthcare System proactively reported the actions of the two employees and the findings of its internal investigation regarding the affiliated physicians’ staff to the Department of Health and Human Services’ Office of Civil Rights (OCR). Upon learning of the breaches, Memorial quickly acted to implement new, sophisticated technologies designed to monitor use and access of patient data, further restricted access to protect patient information, and enacted new policies and procedures to enhance password security. 

Memorial’s February 2017 settlement with the OCR resolves all allegations surrounding these breaches. While Memorial strongly disagrees with many of OCR’s allegations, has admitted no liability and has chosen to settle this case, it nevertheless agrees with the importance OCR places on maintaining the security of patient information. We will continue to vigorously monitor access and use of patient information and maintain rigorous cybersecurity and internal safeguards.