• FreeAdvice has a new Terms of Service and Privacy Policy, effective May 25, 2018.
    By continuing to use this site, you are consenting to our Terms of Service and use of cookies.

Theft of medical records

Accident - Bankruptcy - Criminal Law / DUI - Business - Consumer - Employment - Family - Immigration - Real Estate - Tax - Traffic - Wills   Please click a topic or scroll down for more.



3

3ksmamma

Junior Member
Is accessing someone's address from a hospital computer considered "theft of medical

is accessing someone's address from a hospital computer considered "theft of medical records?"
 
LdiJ

LdiJ

Senior Member
3ksmamma said:
is accessing someone's address from a hospital computer considered "theft of medical records?"
Click to expand...
No. It might be a violation of HIPAA, but its not a theft. If someone unauthorized prints them off and takes them away then that would be a theft.
 
3

3ksmamma

Junior Member
The person that accessed the address was using it for personal reasons. The hospital did an audit of the computer and determined that only registration info was accessed, and no personal medical information. Employee admitted to accessing address and was terminated, but is there a case for "stealing medical records?"
 
Zigner

Zigner

Senior Member, Non-Attorney
3ksmamma said:
The person that accessed the address was using it for personal reasons. The hospital did an audit of the computer and determined that only registration info was accessed, and no personal medical information. Employee admitted to accessing address and was terminated, but is there a case for "stealing medical records?"
Click to expand...
Which brings us back to doe...

(Your question was answered above)
 
quincy

quincy

Senior Member
3ksmamma said:
The person that accessed the address was using it for personal reasons. The hospital did an audit of the computer and determined that only registration info was accessed, and no personal medical information. Employee admitted to accessing address and was terminated, but is there a case for "stealing medical records?"
Click to expand...
There would not be a case for stealing medical records if no medical records were stolen.

Depending on all sorts of facts not apparent here, accessing patient information of any kind could potentially be an invasion of privacy.
 
3

3ksmamma

Junior Member
The problem that we are having is that there's no clear definition of what a "medical record" contains and if someone's address is part of that information. Statute 18-4-412 is a little vague on the definition. Can someone please direct me to where I can find something more descriptive and will say exactly what is contained in the medical record and that a person would have had to actually "steal" the information to be convicted of this?
 
Zigner

Zigner

Senior Member, Non-Attorney
3ksmamma said:
The problem that we are having is that there's no clear definition of what a "medical record" contains and if someone's address is part of that information. Statute 18-4-412 is a little vague on the definition. Can someone please direct me to where I can find something more descriptive and will say exactly what is contained in the medical record and that a person would have had to actually "steal" the information to be convicted of this?
Click to expand...
What was stolen?
 
Zigner

Zigner

Senior Member, Non-Attorney
3ksmamma said:
The problem that we are having is that there's no clear definition of what a "medical record" contains and if someone's address is part of that information. Statute 18-4-412 is a little vague on the definition. Can someone please direct me to where I can find something more descriptive and will say exactly what is contained in the medical record and that a person would have had to actually "steal" the information to be convicted of this?
Click to expand...
Actually, 18-4-412 is pretty clear.
 
quincy

quincy

Senior Member
3ksmamma said:
The problem that we are having is that there's no clear definition of what a "medical record" contains and if someone's address is part of that information. Statute 18-4-412 is a little vague on the definition. Can someone please direct me to where I can find something more descriptive and will say exactly what is contained in the medical record and that a person would have had to actually "steal" the information to be convicted of this?
Click to expand...
It is more what a person's purpose is in gaining access to information and what a person does with the information that is accessed than it will be the actual access itself that will determine if there is a legal action to consider (although unauthorized access under certain circumstances can be a crime).

Finding out a person's address on its own means little, in other words. Addresses are public information. What was the person's reason for using the hospital computer; was the person authorized to use the hospital computer; why was the person using the hospital computer to access information on a patient; what does the person intend to do with the address?
 
3

3ksmamma

Junior Member
The person who accessed the address was a hospital employee, but the address was of a patient who was not in the employees care, just had been a patient at one time. The address was accessed to send mail to a roommate that the employee knew was living with the former patient. An audit of the hospital computer verified that the employee had indeed accessed the patients registration information, but nothing else. Employee was terminated, and the nursing board conducted an investigation due to former patient complaints...DORA concluded that there was not a reason for further discipline. However former patient is continuing to try to press charges.
 
quincy

quincy

Senior Member
3ksmamma said:
The person who accessed the address was a hospital employee, but the address was of a patient who was not in the employees care, just had been a patient at one time. The address was accessed to send mail to a roommate that the employee knew was living with the former patient. An audit of the hospital computer verified that the employee had indeed accessed the patients registration information, but nothing else. Employee was terminated, and the nursing board conducted an investigation due to former patient complaints...DORA concluded that there was not a reason for further discipline. However former patient is continuing to try to press charges.
Click to expand...
Thank you for the additional information.

First, here is a link to the law that you mentioned, Title 18 of Colorado's Criminal Code, section 18-4-412 (scroll to Page 268): http://tornado.state.co.us/gov_dir/leg_dir/olls/2013TitlePrintouts/CRS Title 18 (2013).pdf

The address that was accessed on its own is not a medical record under the law's definition.

I do not see that there is any criminal or civil action available to take against the employee, based strictly on what you have written. I think that the most the patient can hope for has already happened - the employee who accessed the information had her employment terminated.

If you are the patient, you can always consult with an attorney in your area to see if there are any possible legal options available but I do not see any from this distance.
 
Last edited:
You must log in or register to reply here.

Find the Right Lawyer for Your Legal Issue!

Fast, Free, and Confidential
data-ad-format="auto">
Top