Health Information Compliance Alert

Health Information News

Seattle Makes First Criminal HIPAA Conviction

A Seattle man pled guilty in federal court Aug. 19 to violating HIPAA's confidentiality rules, the Puget Sound Business Journal reports.

Richard Gibson confessed to gathering information about a cancer patient being treated by his employer, the Seattle Cancer Care Alliance, and using it to open four credit cards in the patient's name. He used those cards to finance a $9,000 shopping spree that netted him video games, jewelry and a bevy of other personal items, said U.S. Attorney John McKay.

In an attempt to ease his punishment, Gibson has agreed to pay back the credit card companies and the cancer patient. U.S. District Court Judge Ricardo Martinez will determine Nov. 5 whether to accept Gibson's plea arrangement and decide on the man's sentence, which could be up to 16 months' incarceration, PSBJ says.

The Seattle Cancer Care Alliance terminated Gibson's employment soon after the identity theft was uncovered.

CMS Answers Your Security Rule Questions

Looking for HIPAA advice straight from the horse's mouth? The Centers for Medicare & Medicaid Services published 12 new HIPAA FAQs Aug. 12 on its Web site.

Here are the top three:

  • Does HIPAA allow for sending electronic protected health information in an email or over the Internet?

    Sending e-PHI via email or over the Internet is allowed as long as access is protected. Covered entities are required to implement policies and procedures that protect the integrity of PHI and guard against unauthorized access.

  • What is encryption?

    Encryption is a method of converting an original message of regular text into encoded text. The text is encrypted by means of an algorithm (type of formula). If information is encrypted, there would be a low probability that anyone other than the receiving party who has the key to the code or access to another confidential process would be able to decrypt (translate) the text and convert it into plain, comprehensible text.

  • What is the difference between risk analysis and risk management?

    Risk analysis may include the inventorying of all systems/applications that are used to access and house data, and classifying them by risk. Risk management, however, is the implementation of security measures to reduce the risk of losing or compromising e-PHI.

To view more FAQs, go to http://questions.cms.hhs.gov.

Good TCS News

An impressive 96.66 percent of providers are submitting electronic claims that comply with HIPAA, CMS reports. The other 3.4 percent will continue to see their reimbursement delayed at least 27 days.

OCR Publishes Two New Fact Sheets

HHS' Office for Civil Rights published new fact sheets on its Web site Aug. 17 aimed at providing medical staff and patients with an easily comprehensible overview of how the privacy rule affects consumers.

The first guide, "Privacy and Your Health Information," is a general explanation of the rule. The second, "Your Health Information Privacy Rights," focuses on each right of privacy given to individuals by the rule.

You can access the fact sheets at www.hhs.gov/ocr/hipaa/consumer_summary.pdf and www.hhs.gov/ocr/hipaa/consumer_rights.pdf.