# HIPAA violations



## huguezbrian (Nov 30, 2011)

Yesterday a random guy emailed me for a remote Medical/Radiation Oncology coding opportunity. He seemed kind of suspicious and didn't want to provide me with any of his company information. So today he emails me (8) different patient complete medical records (mind you we have not established an employment relationship). So I do my investigation and it turns out that he is from India. Some Oncology/Hematology practice located in Florida contracted with a coding company in India and this man was trying to have me code these patient's treatment for them? Of course I called the practice and informed them, but my question is what do I have to do now? PHI was disclosed, multiple HIPAA violations were done?

Thanks!


----------



## mdoyle53 (Nov 30, 2011)

Your calling the practice that originated the services should be sufficient as it is their problem and they now know.


----------



## kevbshields (Nov 30, 2011)

In addition, I would report what information I have to the OCR of HHS.  Although the requirements are that facilities should report, for low numbers of violations, I'm not sure the enforcement or compliance is strong.  Although you've alerted the practice, there's no guarentee any follow-up or change in practice shall occur.


----------



## pwright3603 (Dec 2, 2011)

*violation*

I hate to say it, but you get what you pay for.


----------



## huguezbrian (Dec 5, 2011)

There were 12 different patients medical records?


----------



## zanalee (Dec 5, 2011)

what company is this? i hope i didnt apply for it.


----------

