When the CEO of Prime Healthcare and Shasta Regional Medical Center disclosed patient records in trying to defend themselves against a media report, I immediately noted that without the patient’s consent, they could not do that. Despite what was so obvious to most of us, they defended their disclosure, claiming that the patient had waived her privacy rights by sharing her information with the media. My blog post, “Prime Healthcare defends its disclosure of patient records – are they begging for a federal and state prosecution or what?” provides my analysis and response to their defense.
The state Department of Public Health investigated and found that they had, indeed, violated HIPAA. In November, Prime and Shasta were fined $95,000 by the state for breaching patient confidentiality. Amazingly to some of us, Prime still insisted it had done nothing wrong and stated its intent to appeal the fine. To date, it is not clear what, if anything, HHS has done about this case, but I wouldn’t be surprised if they, too, fine Shasta and Prime. I think it’s almost incumbent on them to do so, actually, as Prime’s repeated denials of wrongdoing need a very public and highly publicized smackdown to make sure that no one else does what Prime and Shasta did.
To add to their legal woes, the patient, Darlene Courtois, has filed a civil suit against Prime Healthcare in Shasta County Superior Court over the breach. California Watchdog has the story.
If Prime is smart, they’ll settle this case instead of trying to defend it. If this ever gets to a jury trial, I suspect a jury would come down with a huge award to the plaintiff to send a message that it is not okay for hospitals or systems to just share a patient’s records with the media or staff not involved in their care.
But then, Prime hasn’t been particularly smart about this case since the get-go, it seems, so maybe I’ll just go grab some popcorn and wait to see what happens next.