The Topeka Capital-Journal reports that a patient at Stormont-Vail HealthCare in Topeka, Kan., received another patient’s health records in a breach of the individual’s privacy rights and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Capital-Journal reports:
On Sept. 26, [Lori Stein] went to an endocrinologist at Cotton-O’Neil Diabetes and Endocrinology Center, which is part of the Stormont-Vail HealthCare system, for a routine checkup to monitor her diabetes. During the checkup, she asked if the physician could give her a new glucometer, and within a short time a nurse — a different nurse than who had checked her in — brought her a sample glucometer in a box, as well as a box of test strips.
When Stein, 56, returned home, she noticed a folded 8-by-11-inch, two-page patient data report between the boxes of medical supplies. She unfolded the document and started reading about mid-page to see if the medication list was correct. […]
Knowing something was wrong, her eyes scanned to the top of the page. There, she saw another patient’s name, address, birth date, current and past diagnoses, medications, medical record number, allergies, and vitals, such as height and weight. […]
The next day, Stein called the physician’s office to let them know of the privacy breach and was told an investigation would be launched. It was suggested she talk to Barbara Duncan, the chief privacy officer at Stormont-Vail HealthCare. […]
Stein isn’t the only one who mistakenly has received private medical data. The Topeka Capital-Journal frequently receives unsolicited documents containing private medical information from local hospitals and physician’s offices. The Capital-Journal discards the documents or mails them back, as requested by the corresponding health care facility. […]
Under new regulations that went into effect this year, [said Donna Moranville, with the privacy/security compliance division of the Sisters of Charity of Leavenworth Health System in Denver], civil penalties can be imposed for HIPAA violations ranging from $100 per penalty up to a maximum annual penalty of $1.5 million per violation type.