Printer Friendly, PDF & Email

Privacy compliance concerns: Privacy and security risk assessments of healthcare institutions

Amit Sarkar ( and is Vice President, IT PMO and Governance at Eye Care Leaders in Charlotte, NC.

When an unnamed woman filed a complaint in the US District Court in Kansas[1] on May 11, 2019, against Atchison Hospital stating that the hospital had shared her individually identifiable health information (IIHI) with her rapist, it underlined a major Health Insurance Portability and Accountability Act (HIPAA) violation arising from badly formed and poorly executed privacy policies. The complainant further stated that, after the rapist was tipped off that she had named him as the rapist, he proceeded to harass her online, on social media, through text messages, and through phone calls before sexually assaulting her a second time. This unauthorized access and disclosure might have affected only one person, but the severity of the personal harm, which includes a second rape, should have brought the hospital under the radar of the HHS Office for Civil Rights[2] (OCR) and Office of the Inspector General (OIG). [3]

This document is only available to members. Please log in or become a member.