How a HIPAA Violation Became Malpractice 

5 Myths & Facts Every Provider Needs to Know

A 2013 $1.44 million malpractice verdict should get the attention of every doctor and hospital. In a suit against Walgreens, attorney Neal Eggeson successfully argued that HIPAA compliance was a ‘Standard of Care’ that every health care professional should practice, and that failing to do so was professional malpractice.

To the surprise of many, including Walgreens, the jury agreed.

Myth #1: A Patient Cannot Sue for a HIPAA Violation

Fact: False. 

While HIPAA does not include a “Right of Private Action” (the ability to sue), states give that right to their residents.

Myth #2: If I Train My Employees Then I Am OK

Fact: False. 

Walgreens proved that their employee had received training, and had even signed a confidentiality agreement.

According to Walgreens, "The pharmacist in this case admitted she was aware of our strict privacy policy and knew she was violating it," the company said.

"We believe it is a misapplication of the law to hold an employer liable for the actions of one employee who knowingly violates company policy." (HealthITSecurity.com)

Walgreens still lost. 

Myth #3: HIPAA Is Not a Standard of Care

Fact: False. 

A Standard of Care is “the level at which the average, prudent provider in a given community would practice.” (MedicineNet.com) 

It is like wearing gloves or not sharing needles between patients.

The jury in the Walgreens case agreed that the HIPAA violation was the underlying cause of professional malpractice.

Myth #4: HIPAA Is Not Part of Patient Care

Fact: False. 

While it may be annoying and expensive, like airport security, protecting your patient’s identity against theft is part of their care. No one wants their identity stolen. Why should a doctor work hard to improve a patient’s health and then not care enough to comply with HIPAA and protect their data?

HIPAA is good for patients and it is also required by law. 

Myth #5: My Malpractice Insurance Covers Cyber Liability

Fact: Maybe. 

Some malpractice policies include cyber liability coverage, up to $50,000 or $100,000.

That may sound like a lot of coverage until you look at the Walgreens verdict: over $1.4 million.

Or when you look at the 2016 Cost of a Data Breach Survey that estimates the cost of a healthcare breach at $402 per record.

For a medical practice with 20,000 medical records, a breach would cost over $8 million.

Your insurance carrier may refuse to pay, or, worse, sue you after a breach settlement. 

In 2015, Columbia Casualty sued its client Cottage Health to recover a $4.1 million breach settlement with patients after the insurer discovered that Cottage Health’s insurance application contained false information.

At Semel Consulting our approach to HIPAA is to help you protect your patient’s privacy by guarding against identity theft, protect your organization by reducing or eliminating risks that could result in fines or lawsuits, and document your efforts so you could survive a HIPAA/Meaningful Use audit or data breach investigation.

Visit www.semelconsulting.com for more information.

Semel Consulting works with Covered Entities, Business Associates, and Subcontractors to properly manage HIPAA compliance.

MIKE SEMEL  |  www.SemelConsulting.com