Margaret C. Scavotto, JD, CHC
Management Performance Associates
Compliance officers and HIPAA privacy and security officers typically worry about HIPAA violations all day long. But does your public relations department?
An arrest and a press release
In May 2017, a not-for-profit health system in Texas entered a $2.4 million settlement with the OCR to resolve allegations that it violated the HIPAA Privacy Rule.
A patient presented a fake ID at a health system OB/GYN clinic. The clinic called the police – which complied with the Privacy Rule’s provisions for reporting a crime on the premises. But, then the health system issued a press release about the arrest. The press release title included the patient’s name.
Why the press release? The patient is an immigrant from Mexico, and her arrest drew protesters to the hospital. The protesters asserted that hospitals should be immigrant “safe zones.” One can see why the hospital would feel the need to address the matter. But, the OCR found that, by identifying the patient in the press release, the health system went too far under HIPAA. [Read more…]