Health Care Providers Not Required To Notify Patients Of Compromised Records
Automated summary from: WISN.com
Identity theft is a widespread and well-publicized problem with huge financial repercussions, but a hole in the nation's notification laws could potentially prove lethal. There is no law requiring health care providers to inform patients when they learn that a thief may have accessed their health records.
One such breach was revealed last November when police said a ring of identity thieves had spent more than eight months pilfering patient records at Columbia St. Mary's Ozaukee Hospital.
In that incident, the band of ex-cons depended on a housekeeper at the hospital to provide them with the information they needed to get online loans in patients' names.
About a dozen patients contacted police, but no law exists that requires hospital administrators to notify other potential victims, and the Mequon hospital did not publicize the breach.
"It's point-blank nuts," state Rep. Sheldon Wasserman, D-Milwaukee, said of the loophole.
HIPAA strictly regulates the disclosure of patient records, but it does not require hospitals to notify all at-risk patients after records have been improperly disclosed.