Question
What is the name of your state? Indiana
I have had 3 occupational injuries at my place of work. Tonight on my way into the building another worker asked me if I was Dennis Kimble. I said yes... Why**************
He said he had been off work with an injury, and for whatever reason there is a court case involving his injury and partial permanent disability. Then he tells me how my employer and the workers comp company had sent him his medical records reguarding his injury. Last night as he looked through some of this paperwork he realizes that they had made a mistake.
My employer and/or the workers comp company sent him all of my medical records as well as his. Not just records from my workers comp injury, but my full medical records including what my personal doctor has.
I don't understand why they had my original medical records and not just the ones from my OI. What really makes me mad is the fact that with all the restrictions on medical records and the new HIPAA laws they could be this stupid. Our names are not even close, and the injuries were over a year apart.
I wasn't sure what to do or say to them about this. Can they get in trouble for mishandling my medical records like this? I am furious that they have made this mistake but I am not too sure what if anything I can do about it....
So, are their any Human Resource managers or lawyers around here that could give me some advice on how to handle this.
I understand mistakes happen, but who knows how many times this may have happened. If they are that careless with my records they must be with everyone elses as well.
That was what I posted elsewhere.
I have done some reading and I have gotten the forms to file a complaint with the Office of Civil Rights. I understand that most of these complaints nothing ever happens and their is no compensation to the actual individual who was violated under the federal laws. The documentation did say there are sometimes state laws that would give the violated person possible compensation.
So my question is, does anyone know if Indiana has any such laws? I should know in the next day or 2 what records this other employee has and who exactly sent which records to him. He was sent some records from the WC Specialist at my employer and also some from the Workers Comp Case manager.
Answer
So, are their any Human Resource managers or lawyers around here that could give me some advice on how to handle this. The first thing you need to do is immediately inform your employer/HR Department of the enormous error their WC carrier made so that they can get your medical records back from that employee.
Answer
The employee is returning all of the records to me. I have informed the VP of Human Resources at my employer and asked him to conduct his own investigation into what happened and why.
I am trying to find out if Indiana has any laws that would entitle me to damages for them violating my civil rights. The HIPAA laws say they would be subject to civil or criminal punishment, but nothing is payable to the violated person.
Most complaints never result in damages anyway as far as HIPAA violations go. From what I have read today anyway.
Answer
This is what I found out when researching HIPAA violations and the punishment... Doesn't seem these HIPAA laws have much teeth to them.
Administration News | HIPAA Privacy Law Has Resulted in No Civil Fines to Date, Despite Numerous Complaints
[Jun 05, 2006]
HHS has received more than 19,000 grievances regarding alleged violations of medical privacy provisions in the Health Insurance Portability and Accountability Act, but the agency has levied no civil fines and prosecuted just two criminal cases, the Washington Post reports. Since its implementation in 2003, HIPAA has guaranteed a uniform federal law for ensuring the privacy of medical records. HHS has the authority to impose fines for civil violations ranging from $100 to $25,000, and officials can refer possible criminal violations to the Department of Justice. The government has closed more than 14,000 of the 19,420 filed grievances, either ruling that a violation did not occur or allowing health care providers and insurers to correct violations voluntarily without issuing a penalty. At least 309 cases have been referred to DOJ. The most common allegations involve improper disclosure of medical records, inadequate security for records, failure to obtain authorization to disclose records or difficulty for patients seeking to obtain their own records. An HHS spokesperson said the agency has conducted a "handful" of compliance reviews. Reaction
Winston Wilkinson, head of the HHS Office of Civil Rights, which is responsible for enforcing the law, said, "Our first approach to dealing with any complaint is to work for voluntary compliance. So far it's working out pretty well." Wilkinson added, "We've had challenges with our resources investigating complaints. We've been successful with voluntary compliance, so there has not been a need to go out and look." Wilkinson said about 5,000 cases remain open, which could result in fines. Larry Fields, president of the American Academy of Family Physicians, said, "We're more used to the government coming down with a heavy hand when it's unnecessary. I applaud HHS for taking this route." However, Janlori Goldman, a health care privacy expert at Columbia University and director of the Health Privacy Project, said, "The law was put in place to give people some confidence that when they talk to their doctor or file a claim with their insurance company, that information isn't going to be used against them." Goldman added that HHS has "done almost nothing to enforce the law or make sure people are taking it seriously. I think we're dangerously close to having a law that is essentially meaningless." Chris Apgar, president of Oregon health care industry consultant Apgar & Associates, said providers "are saying, 'HHS really isn't doing anything, so why should I worry?'" Privacy advocates say the need to enforce HIPAA will increase if or when the federal government is successful in its effort to implement a system of electronic health records (Stein, Washington Post, 6/5).
Answer
This is what I found out when researching HIPAA violations and the punishment... Doesn't seem these HIPAA laws have much teeth to them.
For isolated incidents, especially those that stem from honest mistakes (as this one likely did, no. HIPAA is not intended to prevent human error or punish mistakes. The point of it is to change the way the healthcare industry treats its records on a large scale. So single incidents will be investigated, and hopefully they will find out how it happened so it won't happen again, but there's a reason that a HIPAA violation isn't generally grounds for a personal lawsuit. Tangible damages would have had to occur to have grounts for a lawsuit.