You’ve take every step to secure protected health information (PHI) at your medical practice, but have you done the same at home? A Connecticut hospital learned this lesson the hard way after a home robbery led to the possible exposure of 8,000 patients’ PHI.
The case: A Connecticut hospital hired a subcontractor to work on its computer systems, and one of the subcontractor’s employees left a laptop containing the unencrypted PHI of 8,000 people at home. When the home was robbed, the laptop disappeared, and although the hospital reports that none of the PHI has been used inappropriately, the hospital and subcontractor will pay a combined $90,000 penalty. Both entities must also put privacy practices into place going forward.
The takeaway: Ensure that all PHI is encrypted, whether it’s on your facility-owned devices, those used by contractors, or even employees’ personal devices if they are taking PHI home with them at night. It’s too risky to simply hope that your devices don’t fall into the wrong hands.
In other news…
If your lab doesn’t have the ability to test urine samples, it’s not a good idea to freeze them and then bill for testing the following year. That’s the lesson from a recent indictment against the owners of a Kentucky clinical laboratory that the Justice Department announced on Nov. 6.
The lab owners are accused of collecting thousands of urine samples that they didn’t have the ability to test in 2010, so they froze the samples and tested them almost a year later, even though they were aware that the results would be returned far too late to treat the patients. The lab then billed Medicare, Medicaid and other payers for the testing. If convicted, the lab owners could face up to ten years in prison.
Resource: To read more about the case, visit www.justice.gov/usao-edky/pr/five-former-owners-kentucky-clinical-laboratory-indicted-health-care-fraud .