Patient Privacy Violations Lead to Fines for WakeMed Health and Hospitals

by | Sep 20, 2016

Following the violation of the privacy of patients WakeMed Health and Hospitals has been ordered to pay a fine of $70,000 by a North Carolina Bankruptcy Court.

The violations happened when submitting proofs of claim to the bankruptcy court. Documents were filed electronically; however, they included the protected health information of debtors, containing names, Social Security numbers, bank account numbers, and dates of birth.

Under Bankruptcy Rule 9037, any proofs of claim filed in court filings must have sensitive information redacted before transmission. Social Security numbers, taxpayer identification numbers, and account numbers must have all but the last four digits of the numbers redacted. Dates of birth must also have the year of birth redacted. In addition to this, if the filings include details of minors only their initials must be included, not full names.

WakeMed Health and Hospitals did not redact this information, and further, a number of the proofs of claims also included protected health information. It was claimed this was a violation of the Health Insurance Portability and Accountability Act along with the hospital’s policy of privacy practices.

At the sanctions motions hearings, hospital staff argued that they had been given the required training on HIPAA regulations, but this did not include the filing of bankruptcy claims. They also outlined that the hospital also had no bankruptcy filing auditing system. Members of staff said they thought that the filing of proofs of claims also came under the definition of payment collections and that this was therefore not included in HIPAA.

While the court did not believe it had the jurisdiction to determine sanctions for HIPAA violations, it did have the power to award sanctions for violations of Bankruptcy Rule 9037.

The court ruled that the disclosure of private information of patients by WakeMed Health and Hospitals and the absence of training and supervision of staff amounted to negligence. The judge said, “An institution that participates in the bankruptcy process as frequently as WakeMed simply cannot ignore the requirements of the court; the Code and Rules are of equal importance to the requirements of HIPAA and other regulations that govern Wake Med’s business practices.”

The court ruled that WakeMed Health and Hospitals to pay punitive damages of $70,000 in addition to covering the legal fees of the lead consumers.

The legal action should serve as a warning to all hospitals that they must ensure compliance not only with HIPAA, but also with other statutes that are in place to protect the privacy of consumers.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy