Connecticut Medical Examining Board Fines Physician $20,000 for Improperly Accessing Patient Records

A Connecticut physician has received a $20,000 penalty and his medical license has been placed on probation for six months, during which time the physician was ordered to complete educational requirements in physician ethics and patient confidentiality mandated by the Connecticut Medical Examining Board for inappropriately accessing patient records at a hospital after his position at the facility was terminated, states a report from the 2012 Health Law Alertnewsletter, published by the law firm Ober Kaler. The physician, an interventional radiologist, was employed by a company contracted by the hospital to provide radiology services. As of February 3, 2010, his position at the hospital was terminated and his access to the hospital’s electronic record system was revoked. From February 4 through March 5, 2010, the physician used system credentials belonging to other providers to access nearly 1,000 patient records—without the providers being aware that their information was being used. After downloading data belonging to 339 of the patients, the physician contacted the patients to say that he was providing radiology services at another facility. The case illustrates the importance of using effective policies and processes to ensure that healthcare facilities and providers comply with the health information privacy and security provisions of the Health Insurance Portability and Accountability Act (HIPAA). It also illustrates that in addition to potential actions by the federal government, covered entities and business associates may be subject to actions by medical governing bodies as a result of violating privacy and security rules.