A licensed practical nurse (LPN) pleaded guilty to wrongfully disclosing a patient's health information for personal gain. The woman faces a maximum of ten (10) years imprisonment, a $250,000 fine or both. She shared the patient's information with her husband, who then contacted the patient and said that he was going to use the information against the patient in an upcoming legal proceeding.
Protect your medical office and patients by conducting a HIPAA Risk Analysis and having a HIPAA Policy. The Security Management Process standard in the Security Rule requires organizations to “implement policies and procedures to prevent, detect, contain, and correct security violations.” (45 C.F.R. § 164.308(a)(1).) Risk analysis is one of four required implementation specifications that provide instructions to implement the Security Management Process standard. Section 164.308(a)(1)(ii)(A) states:
RISK ANALYSIS (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the [organization].