HIPAA Criminal Verdict and Enforcement Statistics
The first criminal HIPAA verdict was entered in January of 2007, and HIPAA privacy rule enforcement statistics were reported at the 14th National HIPPA Summit.
In U.S. v. Ferrer, in the Cleveland Clinic case, a Florida jury found the Defendant, Mr. Fernando Ferrer, Jr. guilty of one count of wrongful disclosure of individually identifiable health information, five counts of aggravated identity theft, one count of computer fraud and one count of conspiring to defraud the United States. Mr. Ferrer was the owner of a healthcare claims administration company at the time and misappropriated the personal data of more than 1,100 patients of the Cleveland Clinic, using a cousin who was an employee of Cleveland Clinic to assist him in this effort. The misappropriated information was used to submit more than $7,000,000 of fraudulent Medicare claims, which netted about $2,500,000 in payments to providers and suppliers.
The following is a summary of the enforcement activities reported at the National HIPAA Summit, listing total complaints, closed cases and cases in which corrective action was taken or which were referred to the Department of Justice for prosecution.
|
Complaints Complaints Concluded: |
24,360 |
100% |
|
Closed: Preliminary Review |
12,542 |
|
|
Closed: Investigation |
1,972 |
|
|
Corrective Action |
4,015 |
|
|
18,529 |
18,529 77% |
|
|
Open Cases |
5,469 |
22% |
|
Referred to DOJ |
362 |
1% |
|
Prosecuted |
(39) |
|
|
24,360 |
Ref HIPAA Tiltle II Security. What is the standard for adequately securing computers containing personal information that could be used fraudulently?
Someone recently acessed my medical records from the hospital because, she is currently dating my e-boyfriend.She then told a thrid party that I was Quote 'Crazy as hell because she read my file"I have suffered from depression back in 1999. But she works at the hospital now and acessed my file August 6,2008. An invetigation was done and the report said she did acess my record and it was a hipaa violation. She then lied and told the director of the hospital that I was calling her house and following her, that was her reason for acessing my file. Her employer assumed this was true and did nothing. She lied, I have proof that I never called her or followed her.The hosipital says the case is closed and that even though a violation occured they stand by thier employes story that she looked in my file because she wanted to see if I have any history of violence.What should I do?