Fred Donovan reports:
– US District Court Judge Rudolph Contreras dismissed a lawsuit by Hope Lee-Thomas accusing LabCorp of a HIPAA violation for not providing adequate privacy protections at its Providence Hospital computer intake station.
Lee-Thomas argued in her lawsuit that LabCorp failed to shield her PHI from public view at its computer intake station at Washington, DC-based Providence Hospital. The station was next to a Quest Diagnostics computer intake and her information was visible to the person using the Quest station, she said in her compliant (sic).
Read more on HealthIT Security.
“HHS responded that it would not pursue her claim”…
Surprise, Surprise! =)
If they are that close and in the same office then the 2 have a BAA agreement.
I doubt that the two labs have a BAA with each other over and above their BAA with the hospital, but it would be nice to confirm that.
To be in the Hospital they would have a BAA, with the Hospital. It is common for a practice to have on phlebotomist that works for the lab and not the practice and that person will do blood draws for other labs. The lab tech could be an employee of Labcorp or Quest or the Hospital. If Hospital then no question of HIPAA. Other 2 may be a grey area.
I also recall something about contractors/vendors. Even if there isn’t a signed BAA it is assumed. Although I can’ find it now. I do love how they make a statement near the end that makes you wonder. “This is only sample language and use of these sample provisions is not required for compliance with the HIPAA Rules. ”
Think she would have been better off if the complaint said that she could see another patient’s data on the screen.
:O Sorry my bad after reading the complaint. The hospital has a bad setup and should change it. I was thinking the stations were accessible but employee only. What an out.
” complaint failed to state a claim upon which relief can be
granted because HIPAA does not provide individuals with a private cause of action.”