What is HIPAA PrivacyWhat is HIPAA privacy anyway? The annual reporting deadline for little breaches is up at the end of Feb. That means all those little privacy violations in 2016 must be reported on the HHS website soon if you haven’t already done it. Since those little ones often mean so much more than the big ones it made me think it would be a good time to talk about privacy.  Well, not just any privacy but this is an attempt to explain what is HIPAA privacy all about in the way only we would try to do it.

A recent bizarre case in an Atlanta suburb made me realize just how much we value our privacy but may not realize it until it has been taken from us.  When you hear this story I hope that you will start to understand what is HIPAA privacy really about especially if you are the one with access to these records.

HIPAA For MSPs by David Sims What is HIPAA Privacy Anyway
00:00:00 00:00:00

The Creepy Privacy Story

  • Peachtree City, GA is a very nice middle-class suburb with golf cart paths everywhere and very popular with pilots and others who work at the airport.
  • For 6 years – yes 6 years, the police have been taking complaints about a peeping Tom roaming one of the subdivision neighborhoods at night.
  • They had been chasing leads and questioning people but just unable to catch him or get a glimpse of him on security cameras.
  • On Dec 31, 2016 they get another call from a couple who kept hearing a noise outside while in their bedroom watching TV
    • The husband went to the bedroom window and pulled back the curtains and there stood a man staring back at him outside.
    • The man was gone by the time police arrived but they started asking neighbors if they saw anything.
    • One of their neighbors was a name that came up on their list as someone they had spoken to before during a previous incident so they stopped there again.
    • The man’s wife answered the door and said she had no idea where her husband had gone she couldn’t find him.
  • There were three police in the neighborhood. They discussed the situation and they got in the two patrol cars and left the neighborhood – BUT one of them stayed behind hidden in the guy’s back yard
    • As soon as the cars were gone the guy comes running up to his back door
    • There was the cop to greet him from the shadows
    • Apparently, he was wearing the same clothes “Tom” was wearing, out of breath, sweating, and carrying a camera
    • They arrest him and confiscate the camera
  • The camera had video of the victims who made the call that night plus several other nights on the of the same people at different times
  • They got a search warrant for his home and got all kinds of digital storage out of there.

    The videos showed various female neighbors going about their nighttime rituals: brushing teeth, undressing, having sex and sleeping.

  • He was charged with 23 incidents of eavesdropping, unlawful surveillance, criminal trespass, prowling and, of course, peeping Tom.
  • They are still reviewing his computer for more stuff
  • They are still identifying and notifying his victims – 6 years worth.

What is HIPAA privacy really about?

We talk about it all the time. But, imagine of this creep had access to your medical information as part of his job. What if he got his kicks going through medical records and found ways to hack into them to track his neighbors and learn things about them.

Privacy is something we don’t feel personally until it has been taken away from us.

Think about all the things in your medical records. There are many cases where someone accesses medical records specifically for privacy invasion. A lot of what we discuss on our episodes deal with medical identity theft and criminal enterprise type behavior. While those are by no means cases that don’t have potential to seriously impact an individual the ones that are very specific like this peeping Tom are often the most damaging to the specific persons involved. The are violated in ways not normally found in the massive breaches.

Just imagine you have a peeping Tom or stalker monitoring your medical records just like this guy was doing with his neighbors. Do you feel like that would be no problem for you? That is what the little breaches are often all about.

Examples of small privacy violations

  • A doctor’s office faxed a patient’s medical record to the patient’s employer instead of another doctor’s office. The patient had not shared with the employer that they were HIV+ until they records were sent to them to find out on their own.
  • Team No Hoes and It’s just FB not reality are two others we have discussed many times. Imagine being at a family reunion or baby shower and someone announces that you are being treated for X. Doesn’t matter what X is as long as it is something you don’t openly want to share with everyone in attendance.
  • The Farrah Fawcett case – very sad that should couldn’t tell her own family what was going on because she had to prove leaks of her records about cancer treatment and prognosis were coming from UCLA
  • Cam Newton ankle surgery revealed on sports radio show
    • A caller, who referred to himself as “Rick,” said his wife, whom he claimed was a nurse, told him Newton would have ankle surgery performed by orthopedic surgeon
    • The team released the news immediately that he was having surgery
    • The doctor’s office was mentioned and they got calls asking if it was true.
  • Nurse and husband being sued after a traffic accident. She pulls details from the plaintiffs medical records where she worked and used them to threaten them and get them to drop the law suit
  • Doctor who looked up his mistresses medical records to see if she had any STDs
  • CVS had multiple cases. So many they were hit with one big fine.
    • One patients meds were sent to a neighbor who had no idea they were being treated for cancer
    • A pharmacist yells personal information over the counter at a patient
    • Employee that accessed her ex husband’s records over 260 times
    • Employee shared health info with a parole officer
    • Employee watched one patients records 61 times and posted info on FB
  • Walgreen’s pharmacist who used the information in the medical records to help her boyfriend in his lawsuit against his baby mama. Her health records were used against her.
  • Same cases as the call I got where health records were being used in court cases.

Privacy violations no matter how small really do matter.  Hopefully, after all of this we hope you can understand what is HIPAA privacy when you put it in the context of a peeping Tom towards medical records.