[ Friday, December 17, 2010 ]


Great HIPAA Story: My dear friend Karen Pyatt phoned this afternoon with an awesome HIPAA story that I just have to share. A woman in her office ordered an item from a company that sells glass products, ornaments, and decorative pieces. The order arrived, packed in a box, with roughly-shredded paper protecting the fragile glass cargo. However, the shredded paper was not the finely cross-shredded paper you usually see (think ticker tape parade trash), but was shredded in such a way that it was easy to read what had been printed on the paper.

As you have already guessed, the packing paper was the medical record of a clearly-identified woman with a skin rash of some sort. The woman's name, the name of the dermatologist office, and all sorts of medical information about the woman's ailment and her treatment were sent, along with the glass doodad, to a random office in St. Louis.

Presumably, the glass company buys bulk shredded paper to use as packing material. Presumably, the dermatology clinic hires some company to shred and properly (!!) dispose of its medical records. How those two streams of commerce, this input and this output, got connected is the big question. But it almost certainly involves somebody doing something pretty darned stupid, and almost certainly in violation of either HIPAA or a Business Associate Agreement.

Karen has agreed to contact the glass company and ask where they get their packing paper. She's also going to try to contact the dermatology clinic. I'll keep you posted. . . .

Jeff [3:56 PM]

A story to make us know some info about our own health. This is our own wealth! Due to a greater need to increase efficiency inside the medical offices, many medical practitioners are searching for software that will be able to take care of all of their billing and client needs. Medical Billing Software perhaps is indeed a great tool. Our health is the best wealth we can have.

All of us need to be treated well in medical institutions and they themselves wants us to be satisfied and be well treated.
Did your friend get a response from the provider on this?
I did get a follow-up to the story:

"We were able to piece together the identify of the dermatology practice and I contacted them. I told them what happened, and that I understood that patient X had a nasty rash several years ago. They were mortified that I had a patient name, a very specific diagnosis and treatment plan for said patient. They said that they used a document destruction company to shred old files and they were going to follow up with, and in all likelihood fire, the company. We talked about the HIPAA issues with their business associate. I also told them they might consider identifying the patients whose files may have been "destroyed" by this company, and particularly patient X, that PHI had been (or may have been) disclosed. I promised to send them the remainder of the "shredded" file that we had retained so they could see how appalling it was. The lesson here, I suppose, would be to make sure your document destruction company: (i) at a minimum, cross shreds everything and mixes the shredded documents; and (ii) preferably does not sell your medical records to companies as packing materials."

Definitely good advice there.
Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template