Table data 1
HIM 226
02/08/2024
Chapter 9: Case Study
The following case, which resulted in a complaint to the HHS Office for Civil Rights with a subsequent investigation and corrective action, demonstrates that HIPAA privacy violations can readily occur with paper health records and by small providers that may seem to operate under OCR’s radar. It also demonstrates that health consumers are often aware of HIPAA violations when they see them, and they do take action:
A dental office was in the practice of flagging some of its medical records with red stickers containing the word “AIDS” on the outside cover. Further, office staff handled the records in a manner such that other patients and staff could read the stickers, even though they had no reason to know about the patients’ diagnoses. What HIPAA violation(s) can be identified in this scenario?
In this scenario, the dental office violates the HIPAA privacy law by releasing protected health information such as the AIDS status of the patients. It is in violation of the patient’s privacy to place such information where others can see it. The office should have placed the red stickers inside of the records so that the PHI would have been protected. The office should also revise their policies and procedures to protect their patients’ privacy.
