Consumer Federation of California

When the federal government takes the rare step of fining medical providers for violating the privacy and security of patients’ medical information, it issues a press release and posts details on the web.

But thousands of times a year, the Office for Civil Rights of the U.S. Department of Health and Human Services resolves complaints about possible violations of the Health Insurance Portability and Accountability Act quietly, outside public view. It sends letters reminding providers of their legal obligations, advising them on how to fix purported problems, and, sometimes, prodding them to make voluntary changes.

As part of its examination into the impact of privacy violations on patients, ProPublica has posted about 300 of these “closure letters” in our HIPAA Helper tool. The app allows users to review details of these cases and track repeat offenders. We obtained the letters under the Freedom of Information Act and this is the largest repository of them ever made public.

Most of the letters we’ve received were sent to two large providers, the U.S. Department of Veterans Affairs and CVS Health. They are the entities with the most privacy complaints that resulted in corrective-action plans or “technical assistance” provided by the Office for Civil Rights from 2011 to 2014. But there are also notices of privacy violations sent to Kaiser Permanente, Planned Parenthood and the military’s health care system.

Patients accused the providers of inadvertently, or in some cases deliberately, sharing their health information without their permission.

Continue reading on ProPublica website, where you’ll also find links to previous articles in this occasional series »

Tags: Medical Issues, Medical Privacy, Privacy