[ Wednesday, May 27, 2009 ]
Tenet Employee Caught Stealing Medical Records:
Your basic identity theft/credit card fraud
case. But since it involves medical records, HIPAA is implicated, and the story indicates that the duo will be charged with criminal HIPAA violations. Under the original DOJ guidelines that say employees can't violate HIPAA (the thief was a records tech, not a nurse or other specialty that might be bootstrapped into the definition of "provider"), there would be grounds to fight the HIPAA part of the charge. But since ARRA expanded the coverage of criminal violations to business associates, there might be more legitimate claims for a criminal HIPAA violation.
Or would there? It seems to me that the thief wouldn't be a "business associate" of the hospital, but rather a member of the hospital's workforce.
I doubt it will matter. There are sufficient other charges that will easily stick, and I doubt the defendant here will care that she's being charged with a HIPAA violation rather than some other criminal violation; she'll plead down to whatever they give her.
Jeff [9:17 AM]
Blogger: HIPAA Blog - Edit your Template