HealthBlawg

David Harlow's Health Care Law Blog

    • Twitter
    • Facebook
    • LinkedIn
    • RSS
    • Email
  • About
  • Archives
  • Podcast
  • Press
  • Awards/Reviews
  • HIPAA
  • HCSM

Practice Pointers in the Wake of the Johns Hopkins Hospital Privacy Settlement

August 11, 2014


An OB/GYN at Johns Hopkins was fired last year after a colleague reported her suspicions about a "pen-like device" that was always around his neck, and that turned out to be a camera. He had secretly photographed 7,000 patients over ten years while conducting pelvic exams. Ten days later he committed suicide. Last month, the hospital agreed to settle the class action lawsuit brought by patients whose privacy had been violated for $190 million.

My advice to health care providers (Covered Entities under HIPAA) in a story in Report on Patient Privacy in light of this case recognized the fact that there is no way to protect an organization against a determined bad actor, but there are ways to limit the damage that may be wrought by such an individual. Photography is clinically appropriate in a wide variety of situations, but given the attention that this case has been getting nationally, Covered Entities would be well-advised to review photography and recording policies and their implementation, and be sure to explain them carefully to patients.

Here's an excerpt from the piece with some of my specific advice:

  • Ensure consent is appropriately received. For example,“obtaining informed consent for use of photography or other recording devices should be standard in both the research and treatment contexts. In the research context, institutional review board approval should be required in advance as well. Policies should mandate the documentation of informed consent before any recording may be made.”
  • Make it easy to complain. “If there is a strong culture of compliance, generally, in a practice or institution, then reporting of violations or suspected violations of whatever sort, via an anonymous tip line or other mechanism, may be promoted and used.”
  • Look beyond policies and procedures. “I don’t care how carefully you have plotted out your privacy and security compliance plan,” Harlow says. “It has to be implemented by the people in your organization, and if they have not bought in to the whole concept and taken the core principles to heart, then the plan can never truly be operationalized.”
  • Customize your approach. Make it homegrown, and provide training and education “not just with respect to the ‘shalts’ and ‘shalt nots’ in the privacy rulebook.”
  • Foster patient empowerment and “patient-centeredness.” When this is done, “patients speak up immediately if something seems amiss rather than harboring misgivings.”

CEs should take care to employ methods that fit “with a broader culture of compliance and patient-centeredness and patient empowerment throughout the institution,” Harlow concludes. “Unless this is done, an institution runs a greater risk of experiencing a local or general breakdown in the realm of patient privacy.”

There has been no announcement to date of an OCR investigation in this matter. As in the case of the recent story about "baby wall" photographs of newborns, some commentators note that the photographs in question are not identifiable as photographs of specific individuals and therefore do not raise HIPAA issues.

The damage done in this case to the trust of thousands of women is likely to be felt for years, as many members of the class — as well as other women — are likely to avoid the health care system in the future and therefore to bear a heightened burden of disease.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting 

Filed Under: Health care policy, Health Law, HIPAA, Hospitals, OCR, Physicians, Privacy, Social Media

you might also like:

  1. HIPAA Privacy and Security Compliance: Should You Care?

  2. HIPAA: Liability to Private Parties for Violations

  3. Smile! Privacy Policy Snapshot ~ Model Privacy Notice

« Solving Sovaldi: David Harlow Talks Value-Based Payment with Cyndy Nayer
Massive data breach. Time for sports analogies? »

Follow me on Twitter

David Harlow 💉😷 Follow 43,243 17,535

Mastodon @healthblawg@c.im #HealthCare #MedDevice #Compliance #Privacy @MyOmnipod #HIPAA #digitalhealth #HarlowOnHC #pinksocks Tweets are tweets No more no less

healthblawg
healthblawg avatar; David Harlow 💉😷 @healthblawg ·
1h 1641080431243042816

The latest Harlow On Health Care Daily https://paper.li/HarlowOnHC/1508522923?edition_id=7a145aa0-ce3b-11ed-b972-fa163e1a70d7 #HarlowOnHC #digitalhealth #healthcare #innovation #privacy #hcldr Thx: @joyclee @ClimaxBetty @_timos_ #digitalhealth #healthtech

Reply on Twitter 1641080431243042816 Retweet on Twitter 1641080431243042816 0 Like on Twitter 1641080431243042816 0 Twitter 1641080431243042816
healthblawg avatar; David Harlow 💉😷 @healthblawg ·
6h 1641015055335432193

ICYMI> Paul Schrimpf, at Prophet Consulting, Driving Health Care Transformation — Harlow on Healthcare https://healthblawg.com/2022/12/paul-schrimpf-prophet-consulting.html?utm_source=twitter&utm_medium=social&utm_campaign=ReviveOldPost #digitalhealth #hcldr #hitsm

Image for the Tweet beginning: ICYMI>  Paul Schrimpf, at Twitter feed image.
Reply on Twitter 1641015055335432193 Retweet on Twitter 1641015055335432193 1 Like on Twitter 1641015055335432193 0 Twitter 1641015055335432193
healthblawg avatar; David Harlow 💉😷 @healthblawg ·
13h 1640909216356487173

ICYMI> Frank McGillin, CEO, The Clinic by Cleveland Clinic — Harlow on Healthcare #digitalhealth #hcldr #hitsm

Image for twitter card

Frank McGillin, CEO, The Clinic by Cleveland Clinic

Harlow on Healthcare: Conversations with Healthcare Innovation Leaders

healthblawg.com

Reply on Twitter 1640909216356487173 Retweet on Twitter 1640909216356487173 0 Like on Twitter 1640909216356487173 0 Twitter 1640909216356487173
Load More
Follow me on Mastodon

HIPAAtools

Hipaatools

The HIPAA Compliance Toolkit

The Walking Gallery

The Walking Gallery

Quick Links

  • Home
  • Categories
  • Archives
  • Podcast Interviews
  • HIPAAtools
  • HIPAA Compliance
  • Health Care Social Media
  • Speaking
  • In the Press
  • Blogroll

David Harlow

David Harlow

HealthcareNOW Radio

Connect with David

  • Twitter
  • Facebook
  • LinkedIn
  • RSS
  • Email
  • Subscribe
  • Contact
  • Book Me: Speaking
  • About
  • The Harlow Group LLC
Copyright © 2006–2023
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.
[footer_backtotop text="Back to top" href="#"]