Question

Research a major (note the word major) security/ privacy breach that occurred in the healthcare or public health domain in the last 5 years. Answer the following questions. What was the impact on patients?

What could have been done to prevent it?

What was the penalty / fine awarded to the healthcare organization?

Answer 1

Unauthorized Disclosure of Patients’ Protected Health Information During ABC Television Filming ; Boston Medical Center, Brigham and Women’s Hospital and Massachusetts General Hospital compromisied patient privacy during the filming of an ABC documentary in October 2014 January 2015. They allowed the TV show "Save My Life: Boston Trauma" to film on premise.

Roger Severino, OCR director, said in a news release, 'Patients in hospitals expect to encounter doctors and nurses when getting treatment, not film crews recording them at their most private and vulnerable moments.' And this is true so. People are sensitive to their privacy issue, even patients. It is even their right. Only the health providers who are providing care and treatment to the patient have the right to have access to his information. No patient wants to make a story out of their most vulnerable moments. This was the case with the patients who data was shared without with their consent with some film crew.

It could have been prevented if each hospital would have trained its workforce properly on the importance of patients' privacy and how to maintain the confidentiality. The privacy right of a patient is not to taken lightly. If the organizations would have been sensitive to the patients' right this could have been avoided. The organizations' should have taken proper informed authorization from the patients before allowing some strangers to film them or get access to their medical records.

Boston Medical Center, Brigham and Women’s Hospital and Massachusetts General Hospital settled with the Office of Civil Rights for $999,000 in 2018 for compromising patient privacy during the filming of an ABC documentary.

All three hospital reached separate settlements with OCR for inviting ABC film crews to film on site without first obtaining patient authorization. BMC was fined $100,000, BWH settled for $384,000 and MGH paid $515,000. Each will implement staff training as part of individual corrective action plans. Each organization is required to re-train its workforce, such as reviewing OCR's guidelines for disclosing health information to film and media, as part of a corrective action plan.