I gave out a patients phone number to a friend that needed patients at her clinic, the patient got really upset and called to my office asking who was giving out her information which wasn't her ss dob ect. Just her phone#, what can I do or can they press charges against me? My manager fired me.
People can't press charges, they can report incidents to the police, and it is up to police whether to pursue, but it likely will blow over, so no need to stress over it.
Patient cannot even sue you under HIPAA, let alone file criminal charges.
NOT LEGAL ADVICE. FOR EDUCATION AND INFORMATION ONLY. DO NOT RELY ON ANY ADVICE YOU RECEIVE FROM ME OR ANY OTHER ATTORNEY IN THIS FORUM. Legal advice comes after a complete review of the facts and relevant documents and an expressed (written) agreement of representation that forms attorney-client confidentiality. Neither of these two events can occur in this forum. Mr. Rafter is licensed to practice in the Commonwealth of Virginia and the US Federal Courts in Virginia. His answers to any Avvo question are rooted in general legal principles--NOT your specific state laws. There is no implied or actual attorney-client relationship arising from this education exchange. You should speak with an attorney licensed in your state, to whom you have provided all the facts before you take steps that may impact your legal rights. Mr. Rafter is under no obligation to answer subsequent emails or phone calls related to this or any other matter.
Yes, they can file a complaint with the U.S. Department of Health and Human Services online or via phone. US DHHS will then investigate to determine if a violation has occurred and, if a violation is determined, the type of punishment and/or whether it warrants involving the US Department of Justice.
US DHHS Office for Civil Rights can enforce civil penalties that may include penalties from $100 per violation to $25,000 per calendar year. Also, the US Department of Justice can enforce criminal penalties which may include up to 10 years imprisonment and a $250,000 fine.
Your other concerns also seem to center on if the information would be considered "PII", i.e. "Personally Identifiable Information". When combined, a name with a phone number may be considered PII and protected information under HIPAA. Its really going to hinge upon the US DHHS' determination or investigation.
As far as criminal liability under the Texas Penal Code: Unlikely.
As far as civil liability: Always a risk, but very difficult to prove damages given the facts you presented.
Reality check: Will the US DHHS fine you for this alleged violation? Maybe, I know of only one nurse who got in some trouble for an alleged HIPAA violation, however, the majority of the problems that person dealt with were at the hospital staff level, not from US DHHS. She was terminated from her employment for the violation, but did not receive any punishment beyond that to my knowledge. It degraded into more of a union/contract dispute than any issues with US DHHS. However, the black mark of termination has severely impacted her nursing career.
Years licensed, work experience, educationLegal community recognition
Peer endorsements, associations, awardsLegal thought leadership
Publications, speaking engagementsDiscipline