HIPAA laws regarding information disclosure by health care providers
Written By: admin
In June 2009, a young mother of three children was sentenced to imprisonment for publishing, on her personal web page on the Internet, the medical records of a woman who was HIV positive. The state of Hawaii pressed criminal charges against the woman, stating that she had committed a class B felony by accessing a computer without the required authority and authorization. Further investigation into the case revealed that the HIV positive woman and her sister-in-law had some disagreements between them, and that the woman who publicized the medical records was a friend of the sister-in-law. She was working as a patient services representative at the hospital where the HIV positive woman came for her checkups, and she had pulled the patient's medical records from the computer at the hospital.
The medical records of the patient had been accessed three times over a period of ten months. Once the employee learned of the patient's medical condition, she posted the details on her personal page on MySpace. In a second posting, she stated that the patient was dying of AIDS. The patient complained to the hospital authorities, and the defendant's employment was terminated after an investigation into the matter. Once the case was taken to court, a one-year jail sentence was handed down to the defendant. Although justice had been served, many people still wonder to what extent the hospital is responsible for the breach in the security of medical records that took place.
According to federal laws, health care providers should be fined when the medical records of patients have been disclosed to people who should not have gained access to them in the first place. The privacy regulations, which come under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), were actually enforced only on April 14, 2003. Under this act, the health information of all people will be well protected and people will also get access to better quality health care. All kinds of health care providers, health care plans, and health care clearinghouses, which are responsible for the administrative and financial transactions of the health care system, are covered under HIPAA.
Apart from the privacy regulations, the security rules that come under HIPAA became effective on April 21, 2005. These are the only rules regarding the usage and disclosure of information that is extremely sensitive and confidential. The HIPAA security rules for the protection of information in electronic format fall into three main groups: administrative safeguards, physical safeguards, and technical safeguards. Some of the more important safeguards are the administrative sanction policy and the security awareness training safeguards.
According to the sanction policy, all employees should receive an official notification of the civil and criminal penalties they are likely to face for improper use of medical information. According to the security awareness training standards, all employees should take part in all security training programs.
