A recent action by the Connecticut Medical Examining Board (a unit of that state's Department of Public Health) should serve to remind covered entities and business associates that it is not only the federal government that can act to enforce HIPAA's privacy requirements. In a consent order dated the 21st of March, but officially accepted in mid-June, Dr. Gerald Micalizzi accepted a $20,000 fine, six months probation, and additional education requirements for inappropriately accessing the records of patients at Connecticut's Griffin Hospital.
Dr. Micalizzi, an interventional radiologist, worked for a company contracted by the hospital to provide radiology services. His position at the hospital was terminated, along with his access to the hospital's electronic record system, as of February 3, 2010. From February 4 through March 5, 2010, however, Dr. Micalizzi used the system credentials of another physician (who was unaware his credentials were being used) to access nearly 1000 patient records. He downloaded information belonging to 339 of these patients, and contacted them personally to inform them that he would be providing radiology services at another facility.
Please see full alert below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.
