Sometimes sensitive health information is not in the hands of a HIPAA-covered entity or business associate. When there’s a breach, HIPAA won’t kick in. Here’s a case in point:
Karen Velie reports that a homeless couple searching through trash discovered a box of California Men’s Colony (CMC) prisoner files:
The files contained the inmates’ past criminal history, psychological evaluations, social security numbers, reports about their behavior in prison and reports regarding their relationships with their families. Each of the eight files describe an inmate who had been found guilty of murder. Some of the men have been paroled, others had their requests for release denied and one is waiting to have his case heard for the first time later this year.
An investigation determined that the files had been given to San Luis Obispo based attorney Peter Ferguson, who promptly blamed his wife for the breach:
The local attorney had represented each of the inmate’s attempts to get paroled through the California Board of Prison Terms. The private attorney said he thought his wife was responsible for putting the documents in the dumpster.
“I think my wife was cleaning out the car and she threw them out,” Ferguson said.
Whether he will face any disciplinary charges from the state bar association for failing to adequately protect client’s confidential records remains to be seen.
Read more on CalCoastNews.com