How to Stop HIPAA Compliance from Killing You

HIPAA compliance allows your medical records to be safe, but in this case, it endangered the lives of a family. How do cyber security and data privacy negatively affect us? How can we best protect ourselves, and not put others at risk? See what happened at a local hospital.

HIPAA stands for Health Insurance Portability and Accountability Act, a law passed in 1996. It was designed to protect medical records and patient privacy. Recently, Utah law enforcement has voiced some issues with the law, seeking to change the cyber security standard to potentially better protect the public

In Millard County, Utah, an arrested man was admitted to Utah Valley Hospital for psychiatric treatment, and wasn’t released back into police custody. The man was later found and arrested again, but the situation caused an outcry from local police forces.

The man’s name was not given in sources from KSL.com, however, the story was. In Millard County on May 30, a man, on parole, fired gunshots in a home, and then threatened to kill family members. A standoff ensued, but a few hours later he surrendered to SWAT. He was taken to the county jail, but there was a concern for his mental stability. Since no treatment options were available to him there, the Sheriff’s Department admitted him to IHC’s Utah Valley Hospital.

A warrant was issued and sent to the hospital, so as to educate the hospital staff of his pending arrest upon release. However, he was never arrested. It is unknown exactly when he was released from the hospital, but the Millard County Sheriff’s Dept. received reports of threatening texts from the man being sent to the family. Police tracked him down and found him in Duchesne County in possession of a knife. He was arrested and taken to the Utah State Prison.

The hospital was questioned about the release of the man and asked why they didn’t inform the police of his release. The following statement was made.

“Due to federal privacy laws, Utah Valley Hospital is unable to comment on this specific patient. However, federal law dictates what hospitals can and cannot tell law enforcement about any patient. If a patient is not in police custody, there are federal guidelines on what hospitals can and cannot share with law enforcement, and Utah Valley Hospital follows those guidelines.”

HIPAA privacy laws dictate that medical records are required to be kept confidential, and never shared. They must be stored offsite at Data Centers that meet certain safety and cyber security requirements. In the hospital, information disclosure is strictly regulated and monitored.

What does this mean for you? Millard County Sheriff Robert Dekker thinks that the HIPAA laws infringe on public safety and that cases like this show a need to change the way hospitals interact with law enforcement. He stated:

“We are not trying to make an enemy out of IHC (Intermountain Healthcare) or any other medical facility,” Dekker said. “We just want good relationships to take those who might be deemed dangerous, to put them where they can’t hurt anybody.”

HIPAA keeps patients safe and allows for medical records to be private and secure. In this case, however, it allowed a wanted individual to escape the police, and put lives at risk. What do you think? Should HIPAA compliance laws be changed to allow more open communication between law enforcement and hospitals? Could this special privilege be abused? Comment what you think below!