If you search Orange County California Hospital, Prime Healthcare Services, Shasta Regional Medical Center fined $95,000, you’ll find yesterday’s story referred to here talking about California hospitals, owned by a Canadian company, that breached privacy records of patients through disclosure to news agencies and hospital employees that received a fine of $95,000 and an additional fine of $3,100 for non-disclosure of the breach to the state of California and the patients involved. The fine was imposed by the State Department of Public Health.(They're appealing the fine.)
The case was begun as part of a FRAUD investigation, an investigation about OVERBILLING by the hospitals involved, not through patient action (because patients were unaware), through hospital action (since hospitals kept patients unaware), or from any other auditing procedure or precaution regularly performed in connection with maintaining patient privacy.
Nowhere in healthcare do we see numbers this small except in the alleged “penalties” for breaching patient privacy. And, the PATIENTS involved will likely receive nothing since such compensation is not provided for by either HIPAA or the HITECH Act and relies on tort cases proving actual DAMAGES from the breach such as actions for invasion of privacy, or actions for identity theft traceable to the breach, or the cost of mental health counseling required for your personal health information being publicized.
As electronic health records move forward, it’s critical for individuals to take the time to do their own publicizing of breaches of privacy. In my opinion, what’s good enough treatment for us is good enough treatment for providers who breach privacy rights. After reporting the incident to the OCR and various other government websites responsible for following up on a situation, WE TOO can take the offender to task, as long as we have information to back it up that will protect us from slander or libel charges. Since providers can always attempt to argue that they’ve lost income to prove their damages, individuals must be careful to couch their opinions as opinions and facts as facts only when provable. A good way to do this is to make a statement and have a document to support it.
Right now healthcare seems to be something that’s done to us and regaining control over our own bodies, health and health information is an important step in turning these tables. Nobody gets paid without our money supporting this system. I believe we’ll see a reversal in this trend as people experience situations where they feel they have less to lose by speaking up and utilize current public forums for describing their experiences in the healthcare system or devise their own.
We must be the watchdogs for our information and that includes paying attention to current theories that allow hospitals to escape with relatively small fines for breaching patient privacy. Our misery, embarrassment, discomfort are basically worth nothing in dollars unless we seek medical care for issues arising from such misery, embarrassment and discomfort. We cannot repair the breach, no one can REGAIN privacy after it’s breached, our loss is permanent.
