Karen Zatkulak updates this story previously covered here:
[…]
But police say these medical documents do mention several local facilities. Weary says, “Some procedures may have been performed at Hutcheson, Memorial, and Erlanger.”
Weary says this case is now being investigated by federal officials who regulate HIPAA violations, and right now, police are not blaming anyone, or any hospital. “Mentioning those hospitals has nothing to do with or nothing to say that these particular hospitals have anything to do with the dumping of these files.”
Monday, Hutcheson Medical Facility released a statement on their website saying the information came from a plastic surgeon who worked in Chattanooga, but moved to North Carolina and died in 2007. We asked Sergeant Weary about that statement, but she would not comment. “To put blame or attribute this to one specific doctor, no we can’t adequately say, we can say that several doctors names were seen on the files during the time that we were collecting the files.”
While police say the documents are sitting secure while the investigation continues… we wondered who should be telling patients that their privacy may have been violated.
Good question. If it should turn out that those who created the files are deceased or non-locatable, who should notify the patients? Someone dumped those files there, but it could be a firm with no connection to healthcare. So… should the party who exposed the papers have the responsibility for notifying? If it’s someone who bought out a storage unit, do you really want them going through the medical files to make the notifications?