Home Diabetes Test Causes Data Issue

by | Nov 16, 2013

On 26th September, Lori Stein attended Cotton-O’Neil Diabetes and Endocrinology Center in Topeka and met with an endocrinologist for an appointment. Lori Stein´s checkup was standard in order to monitor her diabetes, but during her consultation she inquired if she could have a home test glucometer. A nurse gave her a sample glucometer and some test strips and supplied her with two boxes.

When she got home she found a slip of paper between the boxes and started to read it thinking it was a print out of her consultation. The page contained information on her health conditions and listed her as suffering from severe obesity, which was wrong. She also noticed other diagnoses and treatments which she did not suffer from and when she read the page more closely she noticed the patient details written at the top of the page were not hers. She had been given the page by mistake.

The data at the top of the page included the patients name, address, medical diagnoses, treatment details and general data such as age, height, weight and allergies associated with the patient.

Since Lori had previously been a practicing psychotherapist she was  knowledgeable of HIPAA regulations and realized that the nurse had breached Privacy and Security Rules. In the wrong hands the data could be used to fraudulently obtain benefits and services.

Lori was worried about the incident as she realized that if a simple error like this could be made with another patient, it was possible that her health information may have been released by accident. The next day she called the medical center to report the mistake and was told that the matter would be examined. She was also sent to Barbara Duncan, the chief privacy officer at Stormont-Vail HealthCare.

She arranged a meeting with Duncan where she was asked to return the document, although she refused to hand it over as she considered it to be the only proof of the HIPAA violation. Stein advised Duncan that harm could be done if the data got into the wrong hands, yet Duncan believed the breach to have been caused by “carelessness and laziness and advised Stein that “People get complacent about compliance.”

Stormont-Vail HealthCare Spokesperson, Nancy Burkhardt, subsequently confirmed that its workforce is committed to protecting the privacy of its patients and has been told of the importance of protecting patient data, including being given information on the new Rule.

Burkhardt remarked, “The importance of protecting patient privacy is communicated through articles published in our employee newsletters and in regular corporate compliance meetings. To ensure appropriate monitoring, prevention and detection, we have a HIPAA privacy officer, who is responsible for HIPAA privacy compliance.”

She confirmed that data violations and complaints are treated very seriously and all matters are examined internally and that action would be taken if an employee was found to have behaved in a negligent manner or had made a mistake that caused a HIPAA breach. Each case is treated on its own basis and could potentially result in the termination of an employee’s contract, although in other cases the provision of training may be a more appropriate measure.

Stein also issued a follow up letter to the facility to say that she would take action if her medical records were compromised and received a return letter from Anne M. Kindling, Manager of Risk Management at Stormont-Vail HealthCare. She told Stein that her case had been reviewed and confirmed that Steins medical records had been printed on one occasion but were sent for secure shredding after that.

She was told “Since we were able to retrieve all of the documents, I am confident that your records were not disclosed to any other individual and therefore there was no breach as to your own health information.” She was also told that her claim for damages was denied as the management believes its actions stopped her data from being exposed.

She was also advised that she would be sent a legal document for her to sign to confirm that she had not, and will not, disclose the data she had seen. Stein is now seeking legal guidance regarding making a claim for damages.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy