• News New Blog Banner

  • Theft of Unencrypted Health Records Results in $150K HHS Fine

    A stolen flashdrive containing patient records has resulted in a $150,000 federal fine for violation of the Health Insurance Accountability and Portability Act (HIPAA). According to the US Department of Health and Human Services (HHS), this case marks the first settlement over noncompliance with the Health Information Technology for Economic and Clinical Health (HITECH) Act.

    The fine is part of a resolution agreement (.pdf) with Adult & Pediatric Dermatology PC, of Concord, Massachusetts (APDerm), owners of the stolen drive. According to the HHS announcement of the agreement, the unencrypted drive was in a computer bag taken from an employee's locked car and contained records on approximately 2, 200 patients. The drive has not been recovered.

    In addition to the financial penalty, APDerm has agreed to participate in a corrective action plan involving the creation of multiple risk analyses and regular progress reports to HHS. The HHS Office for Civil Rights investigation revealed that APDerm had not conducted sufficient risk analyses and did not implement required policies, procedures, and workforce training around electronic protected health information.

    Although physical therapists (PTs) are not yet required to adopt electronic health records (EHR) under the Medicare and Medicaid Meaningful Use programs, most clinicians involved in electronic submission of patient information are subject to HIPAA rules. APTA provides resources on complying with the complex HIPAA Omnibus Rule on APTA's HIPAA webpage.

    More information on the HIPAA Omnibus rule requirements—and more examples of data breaches like the one described in this story—are featured in an APTA Learning Center webinar.

    Fake Surgery Just as Good as the Real Thing for Meniscus Tears

    Actual surgery is no better than simulated surgery in treatment of individuals with nontraumatic degenerative meniscal tears and no osteoarthritis, according to a study recently published in the New England Journal of Medicine.

    In the study (abstract only available for free), researchers identified 146 patients aged 35–65 with nontraumatic meniscal tears and randomly assigned them to receive either a partial meniscectomy or a "sham" procedure that only simulated the surgery. All study participants received similar postoperative care that included an exercise program and analgesics as needed.

    After 12 months, researchers found no significant differences in recovery between the patient groups, with similar levels of improvement in Lyshom and Western Ontario Meniscal Evaluation Tool scores and comparable ratings for knee pain after exercise. Study authors caution that the findings apply only to individuals with degenerative medial meniscus tears and no osteoarthritis.

    The recent study supports earlier research that found physical therapy to be just as effective as surgery for meniscal tears. These findings were recognized by APTA in March 2013.