Share
Tweet
Print
E-mail
Share
digg
reddit
Newsvine
Fark
Stumble
TechnoratiHospital privacy leak could harm patients
Without authorization from families, accident victims’ info allegedly sent to attorneys’ offices
Published Friday, Nov. 20, 2009 | 2 a.m.
Updated Friday, Nov. 20, 2009 | 10:23 a.m.
Contact the Sun
- Accident patients who have been treated at UMC and contacted by legal representatives are invited to contact reporter Marshall Allen at 259-2330 or marshall.allen@lasvegassun.com.
Sun Coverage
Beyond the Sun
- U.S. Department of Health & Human Services: Health Information Privacy
- University Medical Center of Southern Nevada
Private information about accident victims treated at University Medical Center has apparently been leaking for months, the Sun has learned, allegedly so ambulance-chasing attorneys could mine for clients.
Sources say someone at UMC is selling a compilation of the hospital’s daily registration forms for accident patients. This is confidential information — including names, birth dates, Social Security numbers and injuries — that could also be used for identity theft.
Hospital officials knew of rumors of the leaks since the summer, but doubted them until provided evidence Thursday by the Sun. Now they’re scrambling to catch up to a crisis that may affect hundreds, if not thousands, of patients.
Selling — or even giving away — such information would violate federal patient-privacy laws and could result in fines and prison time.
Rory Reid, chairman of the Clark County Commission and one of the overseers of University Medical Center, this morning called on hospital officials to involve Metro police in their investigation.
"I've just called (UMC Chief Kathy Silver) and demanded a full investigation," Reid said. "If somebody is taking patient information and providing it to someone and selling it - that's a criminal offense and we need to know how widespread it is."
Reid also said the hospital needs to notify whatever patients might be affected by the leaked information, which includes names, social security numbers and birthdates — anything an identify thief would need.
Reid said that any hospital employee caught sharing private information "should be prosecuted to the full extent of the law."
News of apparent leaks triggers the latest scandal at a flagging public hospital dogged by financial losses, mismanagement and graft.
The spouse of a patient whose privacy was breached told the Sun that it makes her unwilling to return to UMC. “It’s disturbing because you’re not safe,” she said.
UMC is the area’s only level one trauma center, so it draws the majority of Clark County’s seriously injured traffic accident victims. Learning the names of and personal information about these patients would be a boon for personal injury attorneys on the prowl for clients who could win payouts from insurance companies.
Going on for months?
Kathy Silver, chief executive of the hospital, said Thursday in an interview with the Sun that she heard rumors about information being leaked from the trauma center early this summer. She said a source put her in touch with a local chiropractor, who shared with her the rumor that attorneys were illegally gaining access to patient information. She did a cursory investigation of the attorneys who had requested medical records, but she and the chiropractor agreed that nothing seemed unusual.
Kathy Silver
The chiropractor called her back about three weeks ago, but after she called him back the two never got in touch.
“I thought it was a nonissue,” Silver said.
Then this week, Dr. John Ellerton, UMC’s chief of staff, told her the medical community is abuzz with rumors that patient “face sheets” — cover sheets that provide an overview of each case — were being illegally sent from the hospital to attorneys, Silver said. At the same time, the Sun was calling county commissioners asking about the alleged leak, and the newspaper’s inquiries made their way back to Silver.
Silver said she was not even sure there was a leak until the Sun reporter informed her Thursday that 21 patient records, dated Oct. 31 and Nov. 1, had been provided to the newspaper by a source as evidence of the leak.
It is not known how many patient records have been printed from hospital computers and distributed to outsiders. But the source told the Sun it’s believed to have been going on for months.
Other information contained in the documents includes each patient’s address, employer, insurance information and details of the accident and injuries.
“Wow,” Silver said upon learning about the actual leak of information.
The source who provided the face sheets to the Sun is several degrees removed from the leak at UMC and did not know exactly where the documents came from. Many people knew about the leak and had tried to tell the hospital’s administrators, the source said, but no one had taken any action.
People in the medical community had also informed Clark County Commissioners — who make up the hospital’s board of trustees — about the leak, the source said.
County Commissioner Lawrence Weekly, who serves as chairman of the UMC board of trustees, told the Sun that he heard of the alleged breach from more than one reliable source about 10 days ago. He said he was told that representatives of law firms were approaching car accident victims even while they were in the hospital. He had not talked to the hospital about it because he was not sure if it was illegal for private patient information to leave the hospital.
Lawrence Weekly
“I’m not sure of the legality of that but to me it sounds inappropriate based on my knowledge,” Weekly said.
Weekly said he was doing his own research on the allegation before telling anyone at the hospital.
“I didn’t want to stir the pot up 100 percent until I had the opportunity to ask some folks,” Weekly said.
Criminal violation
Such transgressions are serious violations of the Health Insurance Portability and Accountability Act, better known as HIPAA, a federal law that guards patient privacy in health care facilities. Joy Pritts, an associate professor at the Institute for Healthcare Research and Policy at Georgetown University, said the allegations about UMC, if true, would represent “outrageous conduct.”
“The individual who is committing it is probably in criminal violation of HIPAA,” Pritts said. “They could be looking at jail time. And I’m not kidding.”
A person rushed to the emergency room is at his most vulnerable, with no choice about where he’s treated or who provides his care, said Pritts, who helped write the HIPAA laws. For a patient’s personal information to be sold as a commodity is ridiculous and offensive, she said.
“The motivations for doing this have nothing to do with treating the patient,” Pritts said. “This is all motivated by money.”
HIPAA violations can be investigated by the county district attorney, the state attorney general’s office or the United States Attorney’s office, Pritts said. Congress increased the penalties for HIPAA violations, effective at the end of November. A person who violates a patient’s privacy with the intent to sell information can be fined up to $250,000 and imprisoned for up to 10 years.
The wife of one patient whose information was forwarded to the Sun said her husband was at fault in the accident that sent him to the hospital, and they have not received any calls from attorneys. She was disturbed to be informed by the media that her information had been compromised and expressed concern about identity theft.
“You just want to know: How far did they get?” she said. “Has anyone received it who wants to do something with that information other than represent me as a lawyer?”
The Sun gave her the number of Silver, the hospital CEO, and the two talked on the phone.
After Silver spoke with the woman whose information had been compromised, Silver told the Sun that she was considering calling on Metro Police to investigate the matter.
Past legal trouble at UMC
A police probe would be nothing new at UMC. The hospital’s former CEO, Lacy Thomas, is facing a criminal trial for allegedly handing out no-work contracts to his cronies in Chicago. And members of the facilities department have been arrested for allegedly using hospital materials and manpower to run their own side businesses.
Silver said there have been other recent breaches with patient information. A UMC transplant coordinator was fired after leaving a laptop loaded with patient information in her car, which was stolen. And the company that provides in-house doctors to UMC had to notify patients and monitor their credit after a package that contained their personal information was stolen and later discovered in downtown Chicago.
The Sun faxed two of the patient face sheets to UMC and Silver said they are documents created during the registration process. She said there are several clues that will help with the investigation to determine who is leaking the information.
“There’s some source within our system,” Silver said. “Finding that source is going to be our challenge.”
Copyright Nov. 20, 2009, Las Vegas Sun
Discussion: 19 comments so far…
Comments are moderated by Las Vegas Sun editors. Our goal is not to limit the discussion, but rather to elevate it. Comments should be relevant and contain no abusive language. Comments that are off-topic, vulgar, profane or include personal attacks will be removed. Full comments policy.
Post a comment
Spotlight
-
Where Vegas escapes Vegas
Springs Preserve
$2 off NV resident adult general admission or $4 off non-resident general admission. Code: C01LVSU1210
-
$1 off Carton of Cigarettes.
Las Vegas Paiute Smoke Shop
*Must be 18 years of age or older. No limit on any one brand carton purchases. Cannot be used to purchase Marlboro, KOOL, Camel, Misty, ...
-
-
Free Gift With Loan
Sun Loan Company & Tax Service
Redeem this coupon for a free gift with any loan.
-
15% off Premium Cigars
Las Vegas Paiute Smoke Shop
Not valid for accessories, mass market or cigarettes purchases. Cannot be combined with any other Las Vegas Paiute offer or discounts. Must be 18 years ...
-
$15 off Zen Magic
Zen Magic at Planet Hollywood
See Japan's First Ladies of Illusion. Receive $15 off admission with this coupon.
-
$50 Off
TravelForYouToGo.com
Don't let lack of time, or patience prevent you from having & creating a great vacation experience. My travel planning service will help you create ...
-
Tax Credit Savings up to $12,000
American West
American West can unlock the key to your dream home! Bring to any American West community. The amount of the tax credit differs based upon ...
-
Free In Home Design Service
Furniture Market
Free in home design service by one of our professional designers with this coupon.
-
3 Races For $45, 40% Savings
Pole Position Raceway
At Pole Position Raceway you will kart race at speeds up to 45 mph on a 1/4 mile euro-style course. Race friends & family, or ...
-
25 Minute Treatment starting at $25
Casablanca Resort
Facial Offer code F2510, Body Wrap Offer code B2510, Swedish Massage Offer Code M2510 Book online, Now! www.casablancaresort.com Sunday-Thursday
- Most Read
- Discussed
- Most E-mailed
- Take it from a business owner, Angle is right
- Boyd drops out of Station Casino auction
- Secretary of State candidate charged with misdemeanor battery
- Manny Pacquiao’s Nov. 13 fight will not be in Las Vegas
- Metro launches effort to get officers to wear seat belts
- How ranting in Nevada may have aided Mel Gibson
- Man in wheelchair dies in traffic accident
- Legislature cancels study of state’s tax structure
- Firefighters calling two overnight house fires ‘suspicious’
- Officials: Overnight house fire in Henderson ‘suspicious’
Blogs
Elsewhere
Speaker at Las Vegas hacker conference detained, questioned by U.S. agents
The Kats Report
Cavileer approach at the Silverton: Hotel president announces 50 percent wage reinstatement (5 Comments)
Elsewhere
Forrest Griffin to publish second book in August
Bryce Harper headed back to CSN — at least according to facebook (7 Comments)
Politics: Ralston's Flash
Univision: We stand by the story on Sandoval's remarks, but there's no audio (12 Comments)
The Kats Report
Friends, family turning out in force to honor Vegas music pioneer Todd Sampson
Elsewhere
South Korean developer courts Harrah's for casino at Cambodia's Angkor Wat (2 Comments)
The Sun
Locally owned and independent for more than 50 years.
"I'm not sure of the legality of that but to me it sounds inappropriate based on my knowledge," Weekly said.
WHAT??!! With the HIPA laws being in effect for such a long time for him to say the above is just ridiculous. Sounds like CYA again. Just wondering/
Fire this lazy b Silver.
EVERY THING in Las Vegas is FOR SALE!
As a lawyer, I can say that I have heard rumors for decades that information about accident victims was being sold from all area hospitals to personal injury lawyers. To the best of my knowledge, there has been any hard evidence od such, until now.
The real shame is that Marshall Allen and the Las Vegas Sun are not much better than the personal injury lawyers who engaged in such conduct: Allen, the Sun and the personal injury attorneys have all sought to profit from this situation. The attorneys sought insurance money and the paper sought headlines in order to sell more papers.
Had this story not been run, and had the Sun cooperated with UMC, Metro could have run a sting and might have caught the perpetrator(s), just like they did when an employee was stealing from the Lied clinic. Unfortunately, the Sun's greed has now put the individual(s) perpetrating this crime on high alert while UMC is in no better position to determine who did it.
Thank you for your public service, Mr. Allen and Sun editors. You have put profits ahead of stopping this crime. I hope you can defend your decision.
Is ignorance and incompetence a requirement for employment at the County? Between the Commissioners and the Hospital CEO, nobody has a clue how to run anything. Let us just continue to spend money and blow off citizens. It is good to be King.
What a idiot....she should be fired on the spot. That's before she does jail time. Information like this is so extremely dangerous in the wrong hands...and she just simply let it happen. She's a idiot. Any hint,any whiff of a problem she should have investigated immediately to see if anything was behind it.
Randy, we considered the issues you raised, and here is why we published the story.
The hospital knew something of this leak for months and did not take any significant action. The chairman of the hospital's board of trustees knew specifics of the leak for about 10 days and took no significant action to stop it.
Meanwhile, there's reason to believe that, day after day, private patient information is being leaked from the hospital. This puts the public at immediate risk. The hospital did not decide to take aggressive action until the Sun made inquiries.
As for seeking a headline that would turn us a profit, I note that you're reading the story online - for free.
Stay after them Tom. These numbnuts are going to cause the ruin of that hospital.
dont we have to pay for our internet privledges.i wouldnt exactly call it "free".who owns the local cable/internet franchise,u got it,the greenspun family,the same 1's who own this paper.isnt this sort of like "free" television,where one has to endure all of the advertising sandwiched between content.or does the sun include all of the ad's on this site for "free".i'd bet the dont on that 1.
Don't pick on Weekly. Have some sympathy, as he basically has nothing to do on the Commission.
As far as UMC, I think it was just reported that they lost $20,000,000 in three months. Anyone that has run a business knows that 8% is typically lost to theft, fraud, or whatever; we call it leakage.
They would seem to be $1,600,000 or about $17,777 per day.
Perhaps it's a looting operation?? Note the question marks denote this is not an accusation.
Rory's just pissed because he missed out on his cut!
An attorney engaged in the practices described in this article is in violation of the Nevada Rules of Professional Conduct, which read:
"Rule 7.3. Communications With Prospective Clients.
(a) Direct contact with prospective clients. Except as permitted pursuant to paragraph (d) of this Rule, a lawyer shall not solicit professional employment from a prospective client with whom the lawyer has no family or prior professional relationship, by mail, in person or otherwise, when a significant motive for the lawyer's doing so is the lawyer's pecuniary gain. The term "solicit" includes contact in person, by telephone, telegraph or facsimile, by letter or other writing, or by other communication directed to a specific recipient.
(d) Target mail to prospective clients. Written communication directed to a specific prospective client who may need legal services due to a particular transaction or occurrence is prohibited in Nevada within 45 days of the transaction or occurrence giving rise to the communication."
Source: http://www.leg.state.nv.us/CourtRules/RP...
I urge the Nevada Bar Association to conduct an independent investigation of alleged attorney involvement and to take appropriate action if warranted.
Tom, with all due respect, did you point out that my access to the Sun online is free in order to support the premise that the Sun is NOT motivated to grab headlines and sell papers? The whole premise of your argument is nonsensical, and it appears that you are simply attempting to kill the message by killing the messenger.
Furthermore, as I look at advertising on this very web page, I realize that the Sun receives advertising revenue from readers accessing this web page. I'll restate the original premise (with a corollary): the Sun is motivated to grab headlines, sell newspapers and sell advertising, both in print and online.
In addition to your feeble attempt to divert attention from the Sun's misdeeds by insulting me, you have also mischaracterized the facts of the hospital's knowledge. The hospital only knew of a RUMOR; according to Marshall's story, it did not actually have the patient information necessary to attempt to trace a source until hours before the Sun ran this story. Since the rumor was not confirmed until the source gave the Sun documents, any attempt to equate the evidence given to the Sun with the rumor given to UMC is utterly disingenuous.
And please, do not attempt to wrap the Sun in the cloak of saving the public. The Sun's actions have ensured that the public will remain at risk because, thanks to the Sun, UMC and Metro have lost the element of surprise they will likely need to catch the perpetrator.
Unfortunately, the Sun's "aggressive" action has blown real opportunities for UMC and Metro to solve this crime, now that UMC finally has a small portion of the evidence that Marshall's source gave him. The Sun knowingly and deliberately chose to place selling newspapers and advertising over solving a crime.
Silver says she did a cursory investigation at the beginning of summer and didn't follow through?
Weekly didn't want to stir the pot?
You gotta be kidding. These are federal crimes. Heads should roll. Forget about Metro, the FBI should take this investigation and start indicting people.
Comment 1:
Thank you PFJ for posting the Nevada Bar's rule on solicitation of patients who are severely injured. Let me re-quote one part and then illustrate how the Nevada Bar gives its members a loophole to allow them to do just what is described in Marshall Allen's letter:
"Rule 7.3. Communications With Prospective Clients.
(a) Direct contact with prospective clients. Except as permitted pursuant to paragraph (d) of this Rule, a lawyer shall not solicit professional employment from a prospective client with whom the lawyer has no family or prior professional relationship, by mail, in person or otherwise, when a significant motive for the lawyer's doing so is the lawyer's pecuniary gain. The term "solicit" includes contact in person, by telephone, telegraph or facsimile, by letter or other writing, or by other communication directed to a specific recipient."
NOTE THAT THE FOREGOING RULE DOESN'T FORBID A LAWYER FROM TAKING A PERSONAL INJURY CASE HUSTLED UP BY A THIRD PARTY, NOR DOES IT FORBID A LAWYER FROM PAYING A FEE TO SUCH A THIRD PARTY.
In most states, including Nevada, lawyers employ people called "Cappers" or "Runners". The job of the Cappers and Runners is to get just the sort of information described in Marshall Allen's story. The Cappers and Runners get the information by bribing trauma center employees, or in other cases (not necessarily in Nevada) by bribing cops who are part of accident investigation units. By using Cappers and Runners, the lawyers are not violating their own State Bar's disciplinary rules.
With information about a severely injured patient in hand, a Capper or Runner will then hang out in the waiting room on the floor where the seriously injured patient lies, and watch the patient's door for family members. The Capper or Runner will then solicit the injured person's family in the waiting room, in the elevator, and as they walk out to the car. The typical Capper or Runner, if they have the patient's address, will also show up at the injured person's home.
The Capper or Runner is not acting for one lawyer. Typically they give the family members the name of at least 3 lawyers in separate law firms, including a short resume of cases in which each lawyer has gotten a large jury verdict or insurance company settlement. Essentially, the family gets to "choose" which lawyer they want to hire. The Capper or Runner then "introduces" the family to the lawyer they have chosen.
By schilling for more than one law firm, a Capper or Runner insulates the lawyer from Bar Association discipline for the solicitation of families or patients during a time of intense grief.
Randy makes a good point about killing the messenger to kill the message. In fact, he illustrates it perfectly in attacking the Sun for exposing something that--allegedly--a number of Clark County officials have been ignoring.
LEOs have a number of ways to solve crimes. Yes, they can sometimes set up a sting to try to catch the person in the act. The other thing that they can do is called investigating: asking questions, tracking down leads, identifying sources, developing CIs... you know, what they used to call "police work," before "police work" meant opening fire on fleeing vehicles and deploying Tasers on unruly elementary students.
My reading of this suggests that the allegations weren't being taken very seriously. I suspect had anyone with the county asked the Sun to hold the story pending the results of an ongoing investigation, the Sun would have held the story. But, with no suggestion from Clark County officials, and one saying that he wasn't even sure that it is illegal to release private medical information, the Sun decided instead to do what had to be done to alert the public to the risks of being or having been admitted to UMC.
Comment Part 2:
I had heard of Cappers and Runners in my Ethics class in law school, but never had to deal with one until I was in practice for about 20 years.
A friend was driving her Ford Explorer with "Famous brand" tires on the 15 Freeway, when the tires blew out, and the car rolled. The friend was airlifted to a hospital in San Bernardino, and her nearly dead husband and nearly dead mother were airlifted to UMC, but they they died on the way. Nevertheless, the family's phone number went into circulation in Las Vegas. Less than 24 hours after the accident, the Nevada Cappers and Runners were calling my friend's house in La Crescenta, and family members were being accosted by Cappers and Runners at the hospital in San Bernardino.
There was literally nothing which could be done to keep the Cappers and Runners from calling the family's home, and nothing to keep them away from the family at the hospital. My job in the fracas was to look at the "resumes" handed out by the Cappers and Runners, to see if the lawyers they were proposing were legitimate. Frankly, none of the lawyers presented to my friend's family were first rank plaintiff's personal injury lawyers.
I contacted the State Bar of California, and made complaints about the Cappers and Runners (and their lawyer clients) who were haranguing the family at the hospital in San Bernardino. That Bar Association was very concerned, and wanted the information.
I also contacted the Nevada Bar with this same information, about the Cappers and Runners calling the family from Nevada, shilling for Nevada personal injury lawyers. I was told that there is no law or Bar Association Conduct Rule in Nevada which prohibited the Cappers and Runners from contacting family members about patients who died in Nevada, as long as it wasn't lawyers directly doing the contacting.
Ultimately the Cappers and Runners from Nevada stopped calling, because my friend's daughter finally told them the family had hired an attorney.
The problem with the use of Cappers and Runners is that very often families and patients with very good money claims do not end up hiring the most successful personal injury plaintiff's lawyers, thereby increasing the families and the victims chances of receiving fair compensation for their injuries. Instead people with good claims often end up with very mediocre lawyers, thanks to Cappera and Runners. I personally believe one reason that local Bar Associations do not outlaw this practice is because the sentiment is "Second rate or inexperienced lawyers have to get clients somewhere."
Comment Part 3:
This problem of aggressive client solicitation is not unique to Nevada. California law also absolutely bars the use of cappers and runners. However, in California, there have been so many train crashes, with horrific deaths and injuries, that the State Bar of California has had to adopt special rules regulating lawyer conduct in connection with train and airplane crashes. Apparently, during the most recent, horrific Chatsworth crash, lawyers rushed to the scene and were directly soliciting clients while they were waiting for transport to hospitals.
Yes, I remember laying on a stretcher, on the dirt, after being pulled out of my crashed train, waiting for my turn to be put into an ambulance. That was many years ago. The only person keeping me company while I lay there, in horrific pain, was a Capper or Runner, who entertained me by telling me stories about all of the hot shot trial lawyers he represented. When I reminded him that Cappers and Runners were operating illegally in California, he just laughed.
No, I didn't return his kindness by hiring one of his lawyer clients. I hired my own law firm to represent me, because I knew I could control the quality of the lawyering. That's the other problem seriously injured laymen and their families have. They simply don't have any way to tell if their lawyer is doing a good job for them, or not.
The fact that a lawyer can afford lots of television advertising does not tell an injured person, or his family, anything other than the fact that the lawyer's means of manipulating his clients and his cases produces enough revenue to pay for television ads.
There is a website called superlawyers.com, where there is a "peer review" and only hot shots who can get the job done for their client are included. I just wish there was more publicity about that website, because it does separate the wheat from the chaff in personal injury plaintiff's lawyers.
I don't know where this investigation of UMC will go, but realistically unless Kathy Silver has been getting kick backs to look the other way, the situation is not her fault, and she shouldn't be fired for it.
Instead, perhaps she should be fired for NOT forcing UMC employees to tell uninsured patients that Nevada law requires that hospitals give cash patients at least a 30% discount. She never told me that, when I wrote her a letter about bogus billing by UMC Quick Care doctors. Instead, she just wrote me back and offered a 50% discount to shut me up.
FWIW:
"Nevada currently requires that hospitals give uninsured patients a 30 percent discount on hospital costs. One bill sought to increase that to 50 percent, but the compromise simply asks hospitals to detail their policies on charging the uninsured."
Ref:
http://www.lasvegassun.com/news/2005/may...
: {