The True Meaning of HIPAA: The Privacy Rights of American Patients Are Sacred and Inviolable

The life of a Chinese medical student (CMG) in the United States...

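Health care workers in the United States know HIPAA all too well. But many Chinese people working in clinical practice and clinical research badly lack the relevant legal knowledge and break the law without meaning to; some have been punished severely, with prison time. What is HIPAA? Read the following provisions and you will certainly proceed with caution: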

You likely hear the word HIPAA often at work.  HIPAA refers to the Health Insurance Portability and Accountability Act (Public Law 104-901), signed into law on August 21, 1996.  The purpose of this law was to improve the efficiency and effectiveness of the health care system by standardizing the electronic exchange of administrative and financial data.  Under HIPAA, Privacy and Security Rules are defined.

The Privacy Rule provides the first comprehensive set of federal privacy protections.  It establishes a balance by providing consumers with personal privacy protections and access to high-quality health care.  The Security Rule requires the implementation of appropriate security safeguards for electronic health information to protect individuals’ health information, while permitting the appropriate access and use of that information.

We are fortunate to have robust system and access controls; however, the weakest link is the individuals who forget or disregard rules or intentionally commit violations.  For example, your system password is the same as signing the work done under that sign-in and you are legally responsible for anything done under that password, whether you did it or not.  You should log off when you leave your workstation and at the end of your shift.  You should not share your password.  Another example is when you print out individually identified health information unnecessarily and it becomes misplaced or when individually identified health information is printed for business purposes and not disposed of properly in a shredder bin when no longer needed.  If it is not necessary to print it, don’t print it.

Here are two expensive examples of sanctions imposed by the US Department of Health Services Office for Civil Rights against large healthcare providers.  It is important to understand too, that the following penalties are personally available:

1. Civil violations
    a. Maximum monetary penalty of $100 per violation capped at $25,000 for all violations of the same requirement by the same person per calendar year.

2. Criminal violations occur under the following circumstances and result in the noted penalties:

    a. Knowingly committing an act
          i.      Fine not more than $50,000, imprisonment for not more than one year, or both;

    b. Committed under false pretenses
          i.      Fine not more than $100,000, imprisonment for not more than five years, or both;

    c. Committed with the intent to sell, transfer, or use PHI for commercial advantage, personal gain or malicious harm
          i.      Fine not more than $250,000, imprisonment for not more than 10 years, or both.

If you have any questions or concerns about Privacy and Security, you have access to different resources.  Speak with your Facility Privacy Official or with your Supervisor, Manager or Director.


A surgeon from China became the first person in US history to go to prison for violating HIPAA:

A former UCLA Health System employee, apparently disgruntled over an impending firing, has been sentenced to four months in federal prison after pleading guilty in January to illegally snooping into patient records, mainly those belonging to celebrities.

Huping Zhou, 47, of Los Angeles, who was sentenced Tuesday, now has the dubious distinction of being the first person to ever receive prison time for violating the privacy stipulations under the Health Insurance Portability and Accountability Act (HIPAA), according to the U.S. Attorney's Office for the Central District of California.

Zhou, a licensed surgeon in China, was working as a researcher at the UCLA School of Medicine in 2003 when he began accessing medical records of his supervisor and co-workers after being notified that he soon would be fired for job performance issues, prosecutors said. Over the next three weeks, he extended his snooping to mostly celebrity records. In total, he accessed the patient records system 323 times.

As part of a plea agreement, Zhou admitted he "obtained and read" private medical records on four separate occasions and had no legitimate reason to do so, prosecutors said.

Zhou's attorney did not return a telephone call seeking comment.

"UCLA considers patient confidentiality a critical part of our mission of providing the highest level of teaching, research and patient care and fully supports the U.S. attorney's initiatives to protect patient privacy by vigorous enforcement of HIPAA," the health system said in a statement.

The prosecution of Zhou appears to be proof that attorneys general are increasingly willing to take HIPAA violators to court.

New York-based health care lawyer Sara Krauss told SCMagazineUS.com on Thursday that she expects to see increased prosecution against HIPAA offenders, partly because of the federal government's heightened focus around privacy.

"It's possible that the increased enforcement and penalties under HIPAA are reflective of what's going on in the rest of the privacy arena," Krauss said.

This is not the first time UCLA Medical Center has faced privacy intrusions. In 2008, it moved to fire 13 employees and suspended six others for unauthorized access to confidential medical records of pop star Britney Spears.


- Dan Kaplan SCMagazineUS.com News April 28, 2010
