HealthBlawg

David Harlow's Health Care Law Blog

    • Twitter
    • Facebook
    • LinkedIn
    • RSS
    • Email
  • About
  • Archives
  • Podcast
  • Press
  • Awards/Reviews
  • HIPAA
  • HCSM

Practice Pointers in the Wake of the Johns Hopkins Hospital Privacy Settlement

August 11, 2014


An OB/GYN at Johns Hopkins was fired last year after a colleague reported her suspicions about a "pen-like device" that was always around his neck, and that turned out to be a camera. He had secretly photographed 7,000 patients over ten years while conducting pelvic exams. Ten days later he committed suicide. Last month, the hospital agreed to settle the class action lawsuit brought by patients whose privacy had been violated for $190 million.

My advice to health care providers (Covered Entities under HIPAA) in a story in Report on Patient Privacy in light of this case recognized the fact that there is no way to protect an organization against a determined bad actor, but there are ways to limit the damage that may be wrought by such an individual. Photography is clinically appropriate in a wide variety of situations, but given the attention that this case has been getting nationally, Covered Entities would be well-advised to review photography and recording policies and their implementation, and be sure to explain them carefully to patients.

Here's an excerpt from the piece with some of my specific advice:

  • Ensure consent is appropriately received. For example,“obtaining informed consent for use of photography or other recording devices should be standard in both the research and treatment contexts. In the research context, institutional review board approval should be required in advance as well. Policies should mandate the documentation of informed consent before any recording may be made.”
  • Make it easy to complain. “If there is a strong culture of compliance, generally, in a practice or institution, then reporting of violations or suspected violations of whatever sort, via an anonymous tip line or other mechanism, may be promoted and used.”
  • Look beyond policies and procedures. “I don’t care how carefully you have plotted out your privacy and security compliance plan,” Harlow says. “It has to be implemented by the people in your organization, and if they have not bought in to the whole concept and taken the core principles to heart, then the plan can never truly be operationalized.”
  • Customize your approach. Make it homegrown, and provide training and education “not just with respect to the ‘shalts’ and ‘shalt nots’ in the privacy rulebook.”
  • Foster patient empowerment and “patient-centeredness.” When this is done, “patients speak up immediately if something seems amiss rather than harboring misgivings.”

CEs should take care to employ methods that fit “with a broader culture of compliance and patient-centeredness and patient empowerment throughout the institution,” Harlow concludes. “Unless this is done, an institution runs a greater risk of experiencing a local or general breakdown in the realm of patient privacy.”

There has been no announcement to date of an OCR investigation in this matter. As in the case of the recent story about "baby wall" photographs of newborns, some commentators note that the photographs in question are not identifiable as photographs of specific individuals and therefore do not raise HIPAA issues.

The damage done in this case to the trust of thousands of women is likely to be felt for years, as many members of the class — as well as other women — are likely to avoid the health care system in the future and therefore to bear a heightened burden of disease.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting 

Filed Under: Health care policy, Health Law, HIPAA, Hospitals, OCR, Physicians, Privacy, Social Media

you might also like:

  1. HIPAA Privacy and Security Compliance: Should You Care?

  2. HIPAA: Liability to Private Parties for Violations

  3. Smile! Privacy Policy Snapshot ~ Model Privacy Notice

« Solving Sovaldi: David Harlow Talks Value-Based Payment with Cyndy Nayer
Massive data breach. Time for sports analogies? »

Follow me on Twitter

David Harlow 💉😷 Follow 43,238 17,534

Mastodon @healthblawg@c.im #HealthCare #MedDevice #Compliance #Privacy @MyOmnipod #HIPAA #digitalhealth #HarlowOnHC #pinksocks Tweets are tweets No more no less

healthblawg
healthblawg avatar; David Harlow 💉😷 @healthblawg ·
4h 1640718041855184902

The latest Harlow On Health Care Daily #HarlowOnHC #digitalhealth #healthcare #innovation #privacy #hcldr Thx: @mlleavocado @DigitalSalutem @HannaRail #digitalhealth #ai

Image for twitter card

80-hour weeks and roaches near your cot? More medical residents unionize

npr.org Part of a national trend, medical residents at Penn Medicine in Philadelphia push to form a union to dem...

paper.li

Reply on Twitter 1640718041855184902 Retweet on Twitter 1640718041855184902 0 Like on Twitter 1640718041855184902 1 Twitter 1640718041855184902
healthblawg avatar; David Harlow 💉😷 @healthblawg ·
6h 1640697826802900992

ICYMI> Lissy Hu, President of Connected Networks at WellSky — Harlow on Healthcare https://healthblawg.com/2023/01/lissy-hu-wellsky.html?utm_source=twitter&utm_medium=social&utm_campaign=ReviveOldPost #digitalhealth #hcldr #hitsm

Image for the Tweet beginning: ICYMI>  Lissy Hu, President Twitter feed image.
Reply on Twitter 1640697826802900992 Retweet on Twitter 1640697826802900992 0 Like on Twitter 1640697826802900992 0 Twitter 1640697826802900992
healthblawg avatar; David Harlow 💉😷 @healthblawg ·
13h 1640592481241759744

ICYMI> Jenny Schneider, MD, CEO of Homeward: Rural Health Meets Value-Based Care — Harlow on Healthcare https://healthblawg.com/2022/06/jenny-schneider-homeward.html?utm_source=twitter&utm_medium=social&utm_campaign=ReviveOldPost #digitalhealth #hcldr #hitsm

Image for the Tweet beginning: ICYMI>  Jenny Schneider, MD, Twitter feed image.
Reply on Twitter 1640592481241759744 Retweet on Twitter 1640592481241759744 1 Like on Twitter 1640592481241759744 0 Twitter 1640592481241759744
Load More
Follow me on Mastodon

HIPAAtools

Hipaatools

The HIPAA Compliance Toolkit

The Walking Gallery

The Walking Gallery

Quick Links

  • Home
  • Categories
  • Archives
  • Podcast Interviews
  • HIPAAtools
  • HIPAA Compliance
  • Health Care Social Media
  • Speaking
  • In the Press
  • Blogroll

David Harlow

David Harlow

HealthcareNOW Radio

Connect with David

  • Twitter
  • Facebook
  • LinkedIn
  • RSS
  • Email
  • Subscribe
  • Contact
  • Book Me: Speaking
  • About
  • The Harlow Group LLC
Copyright © 2006–2023
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.
[footer_backtotop text="Back to top" href="#"]