Healthcare Compliance Perspective:
False claims may result when a healthcare provider fails to reasonably protect patient “protected health information”.
A nurse who had been dismissed from her job at the Arkansas Department of Human Services (ADOH) sent the Personal Health Information (PHA) of more than 26,000 patients to her personal e-mail account. The patient data contained “names, medical codes, birthdates, diagnoses and Medicaid Identification Numbers” (some of which were Social Security Numbers).
The PHI breach was discovered when officials were researching for material to be used in their defense of a federal lawsuit filed by the nurse because she was fired from her job as a “payment integrity coding analyst.” The ADOH is endeavoring to recover the information. After her dismissal, the nurse had been hired by the State Hospital; but was fired from that position when the hospital learned of the breach at the ADOH.
The ADOH is planning to send notification to the people and their healthcare providers who had their PHA breached. The ADOH also posted details of the confidentiality breach on their website. Information about the incident which is a HIPAA violation has been sent to the USDHHS. This is the government entity that enforces federal health privacy laws.
The woman’s suit alleges that she was not treated in the same way as others in similar situations because she was African American. She also claims that her firing was the result of her filing a discrimination complaint and asking to speak to a representative at the Equal Employment Opportunity Commission (EEOC). The ADOH denies the discrimination and there has been no date set for a trial.