Client receives compensation from HIPAA violation
McShane & Brady, LLC recently settled a HIPAA case for an undisclosed amount stemming from a HIPAA violation involving her local hospital. Our client’s medical records were sent to her employer who then shared with others in the company. This is a clear violation of HIPAA law. The health care provider has a duty to investigate the disclosure, take affirmative steps to ensure that further disclosure does not occur, if appropriate discipline or retrain employees who facilitated the wrongful disclosure, if possible, contact the individuals who wrongfully received the information and secure the records, obtain an affidavit stating where and with whom the records were shared and assurances that the records would not be further disseminated, provide written notification to the patient outlining the action taken by the employer in response to the disclosure and take positive steps to mitigate the harm to the patient. Not only did the hospital wrongfully disclose our clients records, it took no steps, post disclosure, that it is required to take to mitigate the harm it caused.