News

Actions

Release Of Woman’s Medical Records Prompts Investigation Into Hospital Policies

Posted at 10:58 PM, May 08, 2013
and last updated 2013-05-08 23:03:25-04

Your medical records are some of the most intimate information that you have.

But, just how easy is it for a complete stranger to steal them away and use it against you?

One West Michigan woman says it was simple and her information was spread all over the Internet for anyone to see and has a warning for others.

Paradise Bond of Grand Rapids said the hospital in question in this case is Spectrum Butterworth.

She contacted FOX 17, saying the hospital gave an imposter some of her private health information over the phone in January..

Paradise said that information was used against her in cyber space to publicly embarrass her and she says it could easily happen to you.

“I’m hurt and I’m going to suffer,” said Paradise.

A few months ago, Paradise Bond went in for medical tests at Spectrum Butterworth Hospital.

She said part of those routine tests were for sexually transmitted diseases.

The details of why she got the tests are something Paradise never dreamed would be posted online for anyone to see.

“She was saying, that’s burning you know,” said Paradise, in reference to a sexually transmitted disease.

The culprit was a woman with a grudge who Paradise said was on a mission to tarnish her name.

After getting access to only her birthdate, Paradise said the woman called Spectrum Butterworth’s ER to see what she could find out.

She said without her approval, Spectrum Butterworth released all of her medical information related to the tests to the woman.

Paradise said that information was immediately posted on numerous social networking sites, including Twitter and Pinterest.

“Imagine right now if somebody’s slandering your name and they’ve got information from your doctor that’s accurate, and there’s nothing you can do about it?” said Paradise.

Spectrum’s senior patient relations coordinator Kelly Keenan did send Paradise a letter, saying, “I sincerely apologize for what you experienced.”

But, Keenan said the hospital employee did nothing wrong because it was the hospital’s policy to give out information with only a birth date and name.

Keenan also says the hospital did not violate the HIPA law, which states medical providers are not allowed to give out medical information to others without written consent.

The letter goes on to say, “Our staff did follow our process, but had no way of knowing that this individual was falsely using your personal information to obtain the lab results.”

A formal investigation is now underway at Spectrum Butterworth Hospital, involving the director of system privacy and information security and the ER to, “assess our current policies.”

“Basically she said the lady reader wasn’t going to get fired and sorry that had to happen,” said Paradise. “They’re going to change the policies. Why are you changing the policy if you all was in the right?”

FOX 17 News wanted to find out just how safe your medical records are and how easily accessible they are.

I checked in with some of the largest medical providers in the West Michigan area to find out.

Many hospitals said they do not release lab results over the phone, although policies varied.

We have included a list of those policies below this article.

Spectrum didn’t want to go on camera to answer our questions about the investigation, but did send me this response:

“Patient privacy is important to Spectrum Health. In this situation, staff followed our process. Unfortunately, someone falsely used our patient’s personal information to obtain results. We thoroughly reviewed this incident and have implemented additional steps to our process.”

Those security steps are listed below:

1.        We call patients. If they call us, we call them back using the number they gave us initially as their contact number.

2.       Verification includes, name, date of birth and last 4 digits of SS number.

3.       If no SS number on file, we ask for address, and phone, what they were seen for and location of where they were seen.

Also, spokesperson Bruce Rossman told FOX 17 by phone Spectrum wanted to stress that the reason they gave out the information was because the hospital was defrauded, not because they give out information to anyone who calls.

Spectrum said since this incident, they have changed.

Paradise says the whole incident makes her not want to go to the doctor and has a warning for you, to check your healthcare provider’s policy.

“If this the policy right now, you’re information can go and get leaked,” said Paradise.

To protect yourself, some doctors suggest you specify in your records or file that information may only be released to you, in person, with a signature.

Meanwhile, Paradise has contacted an attorney and filed a protection order against the woman she accused of posting her information.

She is considering pressing charges against her.

The incident might be considered a form of stalking or harassment which can range from a misdemeanor to something more serious, depending on the case.

Bronson Healthcare Group Statement:

Patients with normal lab/diagnostic or radiology testing results may be notified of lab results via the mail, telephone, MyChart or in person within 5 business days. No clinical information is left on an answering machine. Of course we review this as regulations, such as the Privacy Laws, change.

Patients need to validate name and date of birth before lab results are released over the phone.

Holland Hospital, Holland Statement

– When lab tests are ordered by your family doctor (or by an Emergency Department/Urgent Care doctor), the results are reported back to the requesting physician.

– Patients have the option to sign a form and request that they also receive their tests results. The results are given to patients by one of three methods:

a) we will mail the results to the patient

b) we will fax the results to the patient

c) the patient can pick up the results in person

– We do not share lab test results with patients over the phone.

Metro Health, Kent County,  Statement:

Metro Health takes patient privacy very seriously. A patient may review or receive a copy of their protected health information by contacting the Health Information Department or medical record custodian or office manager and filling out an “Authorization” to release their records. Many Metro Health patients use “My Chart”, a feature of our electronic medical record, which allows them to securely view their medical record when their physician releases information to them.

Mercy Health Partners, Muskegon, Statement:

“For the safety and privacy of our patients, Mercy Health Partners does not provide laboratory results over the phone. To obtain laboratory test results, patients must present in person, establish their identity, and sign an “Authorization for Release of Laboratory Information” form. This procedure allows us to verify the patient’s identity, which cannot be done by phone. Patients can also work with their providers to receive laboratory test results.”

Saint Mary’s Health Care Statement

For the safety and privacy of our patients, Saint Mary’s does not provide laboratory results over the phone. To obtain laboratory test results, patients must request it, present in person, establish their identity with the proper documents, and sign an “Authorization for Release of Laboratory Information” form.

This procedure allows us to verify the patient’s identity, which cannot be done by phone.

Katherine Halloran, APR

Manager, Communications & Public Relations

Saint Mary’s Health Care

Spectrum’s Security Requirements:

1.        We call patients. If they call us, we call them back using the number they gave us initially as their contact number.

2.       Verification includes, name, date of birth and last 4 digits of SS number.

3.       If no SS number on file, we ask for address, and phone, what they were seen for and location of where they were seen.