MobileRJ | RSS TwitterTwitter FacebookFacebook E-mail Alerts
Home manage Las Vegas Review-Journal
  Jobs Cars Homes Shopping Travel Weddings Golf Best of Las Vegas Photo   Search:

RECENT EDITIONS
Wed Thu Fri Sat Sun Mon Tue

sponsored by
News
Nov. 21, 2009
Copyright © Las Vegas Review-Journal

PATIENT PRIVACY: FBI probing UMC data leaks

Disclosures of patient information alleged in violation of federal privacy laws

By SCOTT WYLAND
LAS VEGAS REVIEW-JOURNAL

The FBI is investigating claims that sensitive patient information was leaked from University Medical Center, violating federal privacy laws.

Hospital officials suspect at least one employee sold documents with confidential data about accident victims to local attorneys who could use it to solicit business from these patients.

Most Popular Stories
  • Obama dings Las Vegas — again
  • Obama dings Las Vegas — again
  • 'YOU DON'T BLOW A BUNCH OF CASH IN VEGAS ...': Obama remark reopens wound
  • LAUGHLIN EDGEWATER: Two dead in casino car crash
  • NORM: Ad's Strip scenes raised eyebrows
  • Tourist describes chaos as car plows into Laughlin casino, killing two
  • Tourist describes chaos as car plows into Laughlin casino, killing two
  • IMAGES FROM 1860S: Photos show historic Nevada
  • NORM: $1 million wager on Super Bowl approved
  • Fighter battles rare disease that shatters mixed martial arts dream
  • Flood advisory for Las Vegas Valley
  • Shutting down the Ritz
  • Shutting down the Ritz




    • "We're trying to find out how widespread it is," hospital spokesman Rick Plummer said, noting that the FBI investigation began Friday morning. "It goes against everything we stand for. Whatever attorney's office this went to should be very nervous."

    Those who flout the federal Health Insurance Portability and Accountability Act, also known as HIPAA, face a possible $250,000 fine and 10 years in prison for each offense.

    The State Bar of Nevada has received no complaints about attorneys inappropriately receiving or using UMC patient information, spokesman Phil Pattee said.

    But Pattee said a combination of ethics rules prohibits lawyers from engaging in the kind of activity alleged in the UMC case.

    "Essentially you cannot give nonlawyers anything of value for referring a client to you," he said.

    While lawyers are allowed to advertise, they are not allowed to solicit business directly from prospective clients, although there are exceptions, Pattee said.

    Because federal laws might have been broken, local authorities probably won't get involved, said Bill Cassell, a spokesman for the Metropolitan Police Department.

    The U.S. Attorney's office will handle the case if an arrest is made, according to an official in the district attorney's office.

    Daniel Bogden, the U.S. attorney for Nevada, said he could neither confirm nor deny that a matter is under investigation.

    But he said he is not aware of any past federal prosecutions in Nevada involving HIPAA violations.

    UMC is a county hospital with a trauma center that handles a high volume of patients who have been in car wrecks.

    An unnamed tipster showed a Las Vegas Sun reporter "face sheets" containing personal data on accident victims, including birth dates, Social Security numbers and injuries, Plummer confirmed. The newspaper informed the hospital's chief executive Kathy Silver, who said she had heard rumors about leaks months before.

    Silver declined to comment Friday.

    Clark County Commissioner Rory Reid said he told both Silver and the county manager to launch an investigation. The hospital must prevent further breaches of privacy and notify the patients whose personal information was disclosed, Reid said. The county also should do an internal audit to help pinpoint the leaks, he said.

    This is the latest blow to a hospital struggling to improve its finances and image. UMC's deficit ballooned to more than $80 million this year and is expected to remain deep in the red next year.

    Lacy Thomas, the hospital's former chief executive, was fired nearly three years ago amid allegations that he mismanaged funds and funneled lucrative contracts to Chicago friends who did no work in return.

    Commissioner Lawrence Weekly, who sits on UMC's board of trustees, said he was upset that the hospital suffered a setback in regaining the public's trust. The leaks unfairly blemish the hospital employees who are honest and dedicated to helping patients, he said.

    "It's frustrating and it's disheartening," Weekly said. "This kind of nonsense is unacceptable."

    Review-Journal writer Carri Geer Thevenot contributed to this report. Contact reporter Scott Wyland at swyland@reviewjournal.com or 702-455-4519.

    Newsvine Digg Fark Technorati reddit StumbleUpon del.icio.us Slashdot Propeller Mixx Furl Twitter MySpace Facebook Google Bookmarks Yahoo! Bookmarks Windows Live Favorites Ask MyStuff myAOL Favorites

    Leave Your Comment 11 Reader Comments
    Terms & Conditions
    The following comments are provided by readers and are the sole responsiblity of the authors. The reviewjournal.com does not review comments before publication nor guarantee their accuracy. By publishing a comment here you agree to abide by the comment policy. If you see a comment that violates the policy, please notify the web editor.

    Some comments may not display immediately due to an automatic filter. These comments will be reviewed within 48 hours. Please do not submit a comment more than once.
    Current Word Count:

    Note: Comments made by reporters and editors of the Las Vegas Review-Journal are presented with a yellow background.

    Eric Nelson wrote on November 22, 2009 10:15 AM: Under the new HIPAA/HITECH provisions, UMC can be fined up to $250k for "willful neglect", but if the UMC staff knew about the breaches and didn't correct them, UMC could face civil fines up to $1.5 million.

    In addition, criminial charges can and should be brought against any individual(s) that have misused protected health information.

    Eric Nelson
    President
    Secure Privacy Solutions
    www.secureprivacysolutions.com


    YOUR RIGHT! wrote on November 21, 2009 11:12 PM: Given PIO Cassels stated LVMPD won't do anything, District Attorney David Roger has the authority and jurisdiction to charge and prosecute criminals.

    This needs to be done to protect Clark County. The patients that were involved in car accidents and transported to UMC have probable cause their medical information was disseminated without their knowledge. This cause exists whether the evidence is produced or not.

    Damages will have to be proven, but a sympathetic judge can award up to $70,000 in economic damages and an unlimited amount in non-economic damages.

    DA Roger needs to protect the taxpayers should the Clark County liability carriers begin to pay out as they are in catastrophic claims already.


    Too_much_government wrote on November 21, 2009 06:36 PM: The FBI is investigating ..

    This is ridiculous. The FBI is an *unconstitutional* federal police force. Besides, if the FBI is going to investigate medical record privacy violations, they should start by looking at our political hack AG, Cortez-Masto. In the last legislative session, her office testified that Nevada should forward residents' mental health records to the feds, so as to deny them gun ownership rights.


    Little WIllie wrote on November 21, 2009 06:14 PM: Pathetic. Weekly didn't know it was illegal, and sat on this for two weeks? Kathy Silver was notified in early summer. What the heck is going on with the county and UMC.

    This place is a cess-pool of fraud and corruption. It is time the county looks at a total overhaul or maybe selling the place to a private operator. That would limit our losses and protect patients.

    It simply cannot continue on this path. The hospital is bleeding money and now this. We need to get a handle on UMC and what is going on..


    help wrote on November 21, 2009 11:57 AM: "It's frustrating and it's disheartening," Weekly said. "This kind of nonsense is unacceptable."

    What is disheartening is the lack of knowledge from Weekly the chairman of the hospital. He told the Sun he was not sure if it was illegal, and he knew for weeks and did not notify anyone. Then he said he did not know he was checking into the matter himself. This is what happens when we elect uneducated people to represent the interest of the general public. The RJ needs to do a better job digging into stories, the Sun reporters are much better when it comes to exposing news.


    HELEN WEILS wrote on November 21, 2009 10:30 AM: EVERYONE KNOWS THAT IS THIS DUMMY HARRY REIDS FAULT AND THAT HE ALWAYS HELPING HIS ATTORNEY AND DOCTOR FRIENDS.

    THE ONLY TRUE REPUBLICANS IN THIS STATE ARE JOHN ENSIGN AND JIM GIBBONS AND I WILL BE CAMPAIGNING TODAY SO I WILL SEE YOU SOON AT YOUR DOOR.


    Axel wrote on November 21, 2009 08:45 AM: My guess is that when this all falls out, they'll charge (or sue) some nurses, doctors, or low level UMC admin personnel, but the lawyers who generated the bribes for the confidential patient information will get off scot-free.


    MR. H. wrote on November 21, 2009 08:14 AM: I had a client involved in a major accident. I represented him in a real estate transaction. He had another PI lawyer for his accident case. However, he relayed to me that the Philipino staff at UMC called an attorney married to a Philipina friend of theirs, who hounded him, as did the staff, who kept putting his business card under his dinner plate.

    I am guessing the UMC employee selling the info is from the Phillipines.


    Question wrote on November 21, 2009 07:17 AM: What this article fails to state is the period of time the confidential information was being sold. Was it in the past three years, or was it just one more of the corrupt money making deals that was going on under the reign of Lacy Thomas?


    Duane wrote on November 21, 2009 05:05 AM: Government health care anyone?


    Read All Comments