Doctors, dentists, advance practice providers, and their respective practices should take note of a recent professional discipline ruling in which a nurse practitioner's license to practice in New York State was suspended following a HIPAA breach she caused in 2015 when she disclosed information about former patients to her new employer.
The nurse practitioner obtained a spreadsheet of contact and health information for 3,403 patients she had been treating while employed by her former employer. When she left employment, she brought the spreadsheet with her and gave it to her subsequent employer without the patients' permission. Her new employer then used this information to contact the listed patients about switching providers. Some of those patients complained, and the former employer was fined $15,000 for the HIPAA breach.
In addition, the New York State Education Department Office of the Professions investigated the matter and suspended the nurse practitioner's license to practice for 12 months, followed by two years of probation.
When a provider is leaving employment with your practice, you and the provider have a shared responsibility to ensure no HIPAA-protected information leaves with him or her. You should have a conversation with the provider to make sure he or she understands that violation of this rule could put his or her license at risk. Likewise, when you recruit new providers, you will want to make sure that they do not bring outside patient information into your practice in violation of HIPAA.