Because of recent changes in federal law, University Medical Center could face steep fines over allegations of violations of patients' privacy. One part of the economic stimulus law enacted in February calls for federal agencies to impose fines as high as $1.5 million on medical providers who inadequately protect patients' data.
Fines jumped from $100 per violation to as much as $50,000 each for the most willful negligence. Penalties are capped at $1.5 million total for offenses within a calendar year.
The new rules went into effect in September but cover any infractions that happened after the American Recovery and Reinvestment Act was signed into law on Feb. 17. Last week, hospital executives were alerted to accident victims' personal information being dispensed to local attorneys who could use it to solicit business from these patients. A more pressing concern is that the pilfered data could lead to identity theft.
Officials suspect at least one employee is behind the scheme.