DataBreaches.Net


Her case shows why healthcare privacy laws exist

Posted on January 4, 2012 by Dissent

Michael Hiltzik writes:

Of all the personal information that you might want to keep private, your medical records are the most important. That’s why federal and state laws carry stiff penalties, up to and including jail time, for healthcare providers who let such data loose into the wild.

So you should be aghast at how free and easy Prime Healthcare Services and two executives at Prime-owned Shasta Regional Medical Center have been with the medical chart of a patient named Darlene Courtois. They showed the entire chart to an editor of her hometown newspaper, and Prime’s corporate office divulged some of her medical examination results to me (though I didn’t ask for them). They didn’t have her permission for those disclosures, her daughter says.

Their justification is that Courtois implicitly waived her medical privacy by sharing a portion of her records with a different news organization. But that doesn’t wash. No matter what Courtois said or did, without her specific consent Shasta still doesn’t have the legal right to disclose her file on its own, say the experts I’ve talked to.

Read more on Los Angeles Times.

This situation might be a good one to include in HIPAA privacy training – either specifically or in the more general form of whether doctors or providers can defend themselves against public statements made by patients if they do not have the patient’s explicit consent to discuss their case. It’s not clear from the report whether the hospital executives were relaying their own understanding (or misunderstanding) of HIPAA or if they had consulted with lawyers and lawyers had advised them that they did not need consent. But based on the circumstances described in the report, if they are accurate, the executives could find themselves facing HIPAA violation charges on top of their other problems.

Category: Health Data


1 thought on “Her case shows why healthcare privacy laws exist”

  1. Anonymous says:
    January 5, 2012 at 10:17 am

    One of the biggest barriers for people like me (health information system researchers focusing on privacy and security) in understanding EHR/PHR/HIE functionality and how it differs across institutions is that it’s impossible for a provider to allow me to see how physicians use these tools without some disclosure of PHI. I’m not saying I need to be accommodated, but I wish there were an easier way to allow tinkering with real systems in a safe way. Of course, this case is beyond egregious and is a great example of a case that cries out for HIPAA civil enforcement. (right?)
