Wiki HIPAA violations

[huguezbrian]

Yesterday a random guy emailed me for a remote Medical/Radiation Oncology coding opportunity. He seemed kind of suspicious and didn't want to provide me with any of his company information. So today he emails me (8) different patient complete medical records (mind you we have not established an employment relationship). So I do my investigation and it turns out that he is from India. Some Oncology/Hematology practice located in Florida contracted with a coding company in India and this man was trying to have me code these patient's treatment for them? Of course I called the practice and informed them, but my question is what do I have to do now? PHI was disclosed, multiple HIPAA violations were done?

Thanks!

 

[MnTwins29]

Tricky one

Since this is international, it gets dicey because the entity who improperly disclosed PHI is not in the US. You have done your part by notifying the Covered Entity and I am asuming you also deleted the PHI you recieved. You may also contact the Office of Civil Rights as they are the governing body who enforces HIPAA. Explain that you are not the patient whose PHI was improperly disclosed, but they may be able to help.

Good luck and thanks for doing the right thing with the PHI you recieved.

 

[mdoyle53]

I would not go to the Office of Civil Rights and only to the practice and let them work with their vendor. I am sure the practice will appreciate the information. The practice probably did everything correct so this will only help them.

 

[huguezbrian]

The medical records contained 12 different medical records with the patient's face picture?