No HIPAA Contravention Penalty for Virginia State Legislator

Whilst electioneering to develop into Republican state legislator for Va in 2015, Henrico District doctor Siobhan Dunnavant, M.D., utilized patients’ communication info – categorized as safeguarded health information according to HIPAA Laws – to request contributions from patients to assist finance her electioneering.

Communication info – names and addresses – was communicated to her canvass group and was utilized to share with patients. The identical info was also revealed to a direct mail business: A breach of the HIPAA Secrecy Law. No less than 2 protests were received by the Division of Health and Human Services’ OCR concerning the secrecy breach previous year.

An Office for Civil Rights district office communicated Dunnavant after being warned of the secrecy defiance and notified her that her activities established a forbidden use and revelation of PHI – abuses of the HIPAA Secrecy Law.  These types of violations can lead to the imposition of in financial fines.

Dunnavant, who was later elected to the state senate, might have been charged up to $250,000 for the HIPAA breach and might possibly have been jailed for up to 10 years. Nevertheless, OCR didn’t take further action.

No financial fine was considered proper because Dunnavant took fast action to reduce harm. The inquiry into the HIPAA breaches has now been discontinued.

HIPAA breaches are not always indictable with civil monetary fines and don’t always need resolution contracts. OCR prefers to settle HIPAA breaches through voluntary conformity and by giving out technical help. Civil monetary fines and resolution contracts are usually reserved for the most severe breaches of HIPAA Laws.

Although Dunnavant’s use of patient communication information to request donations did breach HIPAA Laws, the secrecy breach was comparatively negligible and no patient came to damage as a consequence. Dunnavant thought her activities were allowed according to HIPAA Laws because she had gotten a business associate contract before revealing the info.

Senator Dunnavant informed the Richmond-Times Report that the mails were planned to guide patients of her electoral activity and assure them that it wouldn’t have an effect on the delivery of medical facilities. Dunnavant stated she got advice from her attorneys as well as medical practice board prior to mailing the letter and no HIPAA objections were caused.  She also stated she apologized for adding a request for political backing to the letters.