N.Y. medical center settles HIPAA violations involving NP

Published

Specializes in Vents, Telemetry, Home Care, Home infusion.

Smartbriefs

12/24/15

N.Y. medical center settles HIPAA violations

The New York State Office of the Attorney General will receive $15,000 from the University of Rochester Medical Center to settle its possible HIPAA violations. The case stemmed from a data breach in March that occurred when a spreadsheet with the information of 3,043 URMC patients was given to a nurse practitioner who was leaving the facility to work at Greater Rochester Neurology and who gave the list to her new employer without permission. In addition to the money, a corrective action plan will also be submitted by the provider to prevent similar incidents.

Full story:

U-Rochester Medical Center Sanctioned for HIPAA Violations | HDM Top Stories

...In March 2015, a nurse practitioner soon leaving URMC for a new position asked URMC for a list of the patients she had treated at the medical center and received a spreadsheet with 3043 patient names along with their addresses and diagnoses, according to the settlement agreement. The nurse gave the spreadsheet to her soon-to-be new employer—Greater Rochester Neurology—without authorization from URMC.

Greater Rochester Neurology then mailed letters to the patients alerting them that the nurse practitioner would soon be joining the practice and inviting patients to be treated there. URMC learned of the breach when patients began calling the hospital to complain.

Now, URMC will provide to Schneiderman's office recommendations made by a taskforce that was formed to assess policies on departing and incoming employees, identify revisions to HIPAA policies, retrain the workforce, and notify the AG in a timely manner of any future breaches...

Up Vote Up Vote ×
Specializes in Healthcare risk management and liability.

I wonder if the NP had a 'non-compete' clause in her contract and breached that by stealing the patient list. Here in town, some of the larger healthcare systems are pretty enthusiastic about suing their former employees who do that sort of thing.

Up Vote Up Vote ×
Specializes in HH, Peds, Rehab, Clinical.

I think saying "stealing" is a stretch. She asked for a list and it was provided to her!!

I wonder if the NP had a 'non-compete' clause in her contract and breached that by stealing the patient list. Here in town, some of the larger healthcare systems are pretty enthusiastic about suing their former employees who do that sort of thing.
Up Vote Up Vote ×
Specializes in Healthcare risk management and liability.

I can pretty much guarantee that if the NP had told her former employer that the reason she wanted a list of current patients was to solicit them to move to her new employer, the list would not have been provided. And indeed, the article notes that the list was given to the new employer without authorization from the former employer. Both she and the new employer knew exactly what they were doing and that it was wrong.

Up Vote Up Vote ×
+ Join the Discussion