top of page

Houston-Based Healthcare System Pays Big For Disclosing Patient’s Private Health Information

There’s a (not so) little thing called physician-patient privilege. It’s a legal right that protects patients from having any information disclosed by his/her doctor in court or in public record. Simply put, it’s a promise of confidentiality. And every American citizen who visits a doctor deserves this right. Texas’ Memorial Hermann Health System (MHHS) recently discovered that violating this right has consequences.

According to a recent press release from the U.S. Department of Health and Human Services (HHS), the Houston-based non-for-profit healthcare system agreed to pay HHS $2.4 million to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. As part of the settlement, MHHS must also adopt a comprehensive corrective action plan.

So what did MHHS do to violate HIPAA rules? According to the report, it all started in September of 2015 when a patient at one of MHHS’s 16 clinics presented an allegedly fake I.D. card to a staff member. After immediately alerting authorities about the incident, the patient was arrested. To be clear, alerting the authorities to the patient’s protected health information (PHI), in this particular case, was not in breach of any HIPAA rules.

The problem began when Memorial Hermann Health System decided to publish a press release about the incident. In the title of the press release, the patient’s name was used. This is a direct violation. Apparently, MHHS’ senior management approved the title, which is impermissible by HIPAA standards. A patient’s name in a press release is considered to be disclosure of his/her protected health information.

Roger Severino is the HHS Office for Civil Rights (OCR) Director. He was not pleased with MHHS’ error in judgement.

“Senior management should have known that disclosing a patient’s name on the title of a press release was a clear HIPAA Privacy violation that would induce a swift OCR response,” he is quoted as saying in the HHS report, “This case reminds us that organizations can readily cooperate with law enforcement without violating HIPAA, but that they must nevertheless continue to protect patient privacy when making statements to the public and elsewhere.”

As mentioned, Memorial Hermann Health System was required to do more than pay the $2.4 million monetary settlement. The comprehensive corrective action plan requires them to update all of their policies and procedures on safeguarding PHI from impermissible uses and disclosures. MHHS must also train its staff to ensure that all workforce members at all of their facilities understand the permissible uses and disclosures of protected health information. This includes disclosures to the media.

At Allegiant Experts, we take physician-patient privilege very seriously. We completely agree that it is the right of every American to have his/her personal health information kept confidential.

For more information about our team of clinical experts, please don’t hesitate to call us at 407-217-5831 or email us at Our experts have been providing expert clinical services for over 15 years and can help your team of attorneys by bridging the disciples of medicine, coding and billing to ensure accurate payment and data is achieved.

1 view0 comments


bottom of page