Shasta Regional Medical Center (Shasta) has agreed to pay $275,000 and enter into a corrective action plan (CAP) with the U.S. Department of Health and Human Services Office for Civil Rights (OCR) to resolve allegations that it improperly disclosed a patient’s protected health information (PHI) to the media, and impermissibly used the patient’s PHI in a mass e-mail sent by Shasta senior leadership to its workforce members without a valid, written authorization. OCR initiated an investigation of Shasta on January 6, 2012 – just two days after publication of an article in the Los Angeles Times (LA Times) reporting that several of Shasta’s senior leaders had met with the media to discuss medical services provided to a patient without authorization.
According to OCR’s investigation, Shasta engaged in conduct in December 2011 demonstrating that it had failed to safeguard the patient’s PHI. Specifically, Shasta sent a letter via its parent company, Prime Healthcare Services, to California Watch, an investigative reporting outlet focused on California issues, in response to a story regarding alleged Medicare fraud. The letter described the patient’s treatment and provided specific information about her laboratory test results in an effort to discredit the story. In addition, Shasta leaders met with editors of The Record Searchlight, a local Redding, California, newspaper, to discuss the patient’s medical record in detail. Subsequently, Shasta sent a letter to the LA Times containing detailed information about the patient’s medical treatment, and, that same day, sent an e-mail to its entire workforce and medical staff describing the patient’s medical condition and treatment.
Under the CAP, Shasta must update its policies and procedures on safeguarding PHI from impermissible uses and disclosures and must train its workforce members. In addition, fifteen other facilities under the same ownership or operational control as Shasta must attest to their understanding of permissible uses and disclosures, including disclosures to the media. Shasta did not admit to any liability under the Resolution Agreement. For a copy of the OCR press release, please click here. For a copy of the Resolution Agreement and CAP, please click here.
Reporter, Kerrie S. Howze, Atlanta, +1 404 572 3594, khowze@kslaw.com.
