Resources for Health Insurance Portability and Accountability Act (HIPAA)

Health Care Providers Not Required To Notify Patients Of Compromised Records

www.wisn.co

Identity theft is a widespread and well-publicized problem with huge financial repercussions, but a hole in the nation's notification laws could potentially prove lethal. There is no law requiring health care providers to inform patients when they learn that a thief may have accessed their health records.

One such breach was revealed last November when police said a ring of identity thieves had spent more than eight months pilfering patient records at Columbia St. Mary's Ozaukee Hospital. In that incident, the band of ex-cons depended on a housekeeper at the hospital to provide them with the information they needed to get online loans in patients' names. The janitor had no criminal record, but police said he did have keys to areas where the hospital stored confidential patient information.

View the Resource

Share or bookmarklet this web page at: