Medical Students and HIPAA Violations

HIPAA Privacy Violations

Every medical student knows or soon learns that HIPAA laws are a serious concern for healthcare organizations and providers. HIPAA is short for the Health Insurance Portability and Accountability Act. HIPAA laws protect patient privacy rights and the security of patient medical records. The HIPAA Privacy Rule requires healthcare organizations and healthcare providers to limit the disclosure of individually identifiable health information. With dozens of professionals having access to individually identifiable health information, HIPAA violations can be common, especially among physicians in a hospital or private practice. The American Medical Association reports these five most common HIPAA violations based on federal enforcement statistics:

  • Impermissible use or disclosure of protected health information
  • Lack of safeguards to protect health information
  • Lack of patient access to their protected health information
  • Lack of administrative safeguards for electronic health information
  • Use or disclosure of more than the minimum necessary health information

HIPAA Enforcement

Hospitals, clinics, medical schools, and other employers of healthcare workers take HIPAA laws seriously. Employers and schools pursue aggressive voluntary compliance and corrective action measures because HIPAA violations can carry huge penalties. The U.S. Department of Health & Human Services enforces HIPAA laws through its Office of Civil Rights (OCR). The OCR responds to HIPAA violation complaints, investigating allegations and enforcing HIPAA law. The OCR also conducts compliance reviews in the absence of complaints, penalizing entities and providers even without a complaint if compliance measures are not in place. See, for example, this $400,000 settlement the OCR reached with a health system simply for potential violations. The American Medical Association names these sanctions against healthcare organizations and providers that can follow HIPAA violations:

  • Tiered civil penalties for unknowing violations, reasonable cause violations, or willful neglect violations, ranging from $100 to $50,000 per violation up to a $1.5 million annual maximum
  • Criminal fines of $50,000 for knowing violations, $100,000 for false pretenses violations, and $250,000 for personal gain or malicious violations
  • Criminal conviction and incarceration for up to one year for knowing violations, five years for false pretenses violations, and ten years for personal gain or malicious violations
  • Exclusion of the covered entity from Medicare program reimbursement, effectively ending the entity's ability to survive financially

Medical School Respect for HIPAA Laws

HIPAA laws are so serious of a concern for healthcare organizations and providers that medical schools place special emphasis on those laws when training their medical students. Your medical school will expect you to comply with HIPAA laws in your clinical education, even though you are a student rather than a physician or employee. Harvard Medical School provides a good example. Section 4.18 of Harvard Medical School's Student Handbook declares: “All students must follow Health Insurance and Portability and Accountability Act (HIPAA) rules when participating in clinical activities at affiliated hospitals and clinics; HIPAA compliance includes maintaining confidentiality of paper and electronic health records.” Harvard's Student Handbook explains, “Patient confidentiality is a critical value for physicians and physicians-in-training and is essential for maintaining the patient-doctor relationship and for preserving the trust that society has placed in the medical profession.” Stanford University's School of Medicine provides another good example of a HIPAA training policy students must complete before beginning classes and annually thereafter. Your medical school will be watching to ensure that you comply with HIPAA laws.

Medical School Enforcement Against HIPAA Violations

Your medical school may also commence a disciplinary proceeding and take action against you if you violate HIPAA laws in your medical training. Medical schools regard complying with HIPAA and other laws as a professionalism concern. You must not only make good grades and demonstrate your medical knowledge and competence in medical care. You must also show that you can conform your conduct to the profession's norms, including laws governing medical practice. Professionalism violations, like HIPAA violations, can get you in just as serious trouble as failing to make good academic progress and grades. Section 4.18 of Harvard Medical School's Student Handbook, for a clear example, declares: “When violations of HIPAA by a student are identified by a hospital, clinic, physician's office, etc., the violation will be reviewed by the HMS Promotion and Review Board (PRB), which will recommend remediation and sanctions, including the possibility of required withdrawal or expulsion.”

Defending Medical School HIPAA Violation Charges

If you face your medical school's disciplinary charge that you may have violated HIPAA laws in your clinical training, take that charge seriously. As the forgoing Harvard Medical School policy shows, the allegation of a HIPAA violation can place your medical education at risk. Even if you do not expect to face school dismissal, you should be thinking about resolving school HIPAA charges on the best record and terms to ensure your ability to obtain your medical license. Licensing boards consider medical school disciplinary records. Just because your medical school graduates you doesn't mean the medical profession must license you. Fortunately, though, a HIPAA charge doesn't mean that the charged student has actually violated HIPAA. HIPAA laws protect various safe harbors and allow for various defenses. Defenses can include things like patient consent, the necessity of disclosure, a supervisor's direction to disclose, or no disclosure at all. Medical schools also recognize that they are training students whose knowledge of protocols and conventions is necessarily incomplete. Defend HIPAA charges aggressively with a skilled and experienced medical student defense attorney.

Premier Medical Student Defense Attorney Available

Your best move as a medical student facing HIPAA charges is to retain premier medical student defense attorney Joseph D. Lento and the Lento Law Firm's student defense team. Attorney Lento has successfully defended hundreds of college and university students nationwide against professional misconduct, academic misconduct, behavioral misconduct, and other disciplinary charges. Attorney Lento and the Lento Law Firm team can investigate, evaluate, and aggressively defend false, unfair, exaggerated, and unsupported charges. Attorney Lento also negotiates with school officials for fair compromise resolutions that preserve the student's educational interests while respecting the school's need to comply with HIPAA and other laws. Get the help you need. Call 888.535.3686 or go online now.

Contact Us Today!

If you, or your student, are facing any kind of disciplinary action, or other negative academic sanction, and are having feelings of uncertainty and anxiety for what the future may hold, contact the Lento Law Firm today, and let us help secure your academic career.

This website was created only for general information purposes. It is not intended to be construed as legal advice for any situation. Only a direct consultation with a licensed Pennsylvania, New Jersey, and New York attorney can provide you with formal legal counsel based on the unique details surrounding your situation. The pages on this website may contain links and contact information for third party organizations - the Lento Law Firm does not necessarily endorse these organizations nor the materials contained on their website. In Pennsylvania, Attorney Joseph D. Lento represents clients throughout Pennsylvania's 67 counties, including, but not limited to Philadelphia, Allegheny, Berks, Bucks, Carbon, Chester, Dauphin, Delaware, Lancaster, Lehigh, Monroe, Montgomery, Northampton, Schuylkill, and York County. In New Jersey, attorney Joseph D. Lento represents clients throughout New Jersey's 21 counties: Atlantic, Bergen, Burlington, Camden, Cape May, Cumberland, Essex, Gloucester, Hudson, Hunterdon, Mercer, Middlesex, Monmouth, Morris, Ocean, Passaic, Salem, Somerset, Sussex, Union, and Warren County, In New York, Attorney Joseph D. Lento represents clients throughout New York's 62 counties. Outside of Pennsylvania, New Jersey, and New York, unless attorney Joseph D. Lento is admitted pro hac vice if needed, his assistance may not constitute legal advice or the practice of law. The decision to hire an attorney in Philadelphia, the Pennsylvania counties, New Jersey, New York, or nationwide should not be made solely on the strength of an advertisement. We invite you to contact the Lento Law Firm directly to inquire about our specific qualifications and experience. Communicating with the Lento Law Firm by email, phone, or fax does not create an attorney-client relationship. The Lento Law Firm will serve as your official legal counsel upon a formal agreement from both parties. Any information sent to the Lento Law Firm before an attorney-client relationship is made is done on a non-confidential basis.