During a divorce case in Illinios, K.S. Kim claimed a hospital violated HIPAA by sending her health records to her ex-husband’s attorney.

“According to a civil suit filed June 27 in St. Clair County Circuit Court, Kyoung Suk Kim claims Belleville attorney Charles W. Courtney, Jr. submitted a subpoena to St. Elizabeth’s, “without express written authorization from Kim or accompanying court order, requesting medical health information, including mental health records, of Kim, option being given to the hospital to forward the requested records in lieu of a deposition.”
Courtney represented Kim’s ex-husband Christopher M. Stuhldreher, the suit claims.
Kim claims that shortly after Courtney’s request was made on June 28, 2005, the hospital forwarded her records.
The suit also names the Hospital Sisters of the Third Order of St. Francis, Hospital Sisters Health System and Courtney, Clark & Associates as defendants.
Kim claims the hospital had a duty to maintain the confidentiality of her medical health information. She claims that she has suffered injury to her reputation as well as mental pain and anguish, and incurred medical treatment expenses.
“That one’s physical health and medical condition are among the most intimate and personal aspects of one’s life and the right to privacy of such is at the core of what society, and this State regard as a fundamental component of individual privacy,” the complaint states.
Seeking in excess of $900,000 in damages, Kim is represented by D. Jeffrey Ezra and Sarah D. Smith of Ezra & Associates in Collinsville.”

It sounds like the hospital likely did not have procedures in place to validate the identities of, and authority of, person’s requesting protected health information (PHI).
Too many healthcare providers have done too little to meet all the HIPAA requirements; too many have only created a Notice of Privacy Practices (NPP) to give to their patients and very little else.
Is the Department of Health and Human Services (HHS) going to back up those promises of active enforcement they made earlier this year?
Without being actively enforced, HIPAA will continue to have very few covered entities (CEs) trying to meet full compliance.

Tags: awareness and training, Charles W. Courtney, government, HHS, HIPAA, Hospital Sisters of the Third Order of St. Francis, Information Security, IT compliance, Kyoung Suk Kim, OCR, patient privacy, PHI, PII, policies and procedures, privacy, privacy rule, security rule

This entry was posted on Friday, July 13th, 2007 at 1:30 am and is filed under government, Laws & Regulations, Privacy and Compliance. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.