Whistleblowing on a Healthcare Provider About Electronic Health Record Privacy Violations

As an employee at a healthcare provider, you are trusted with the important task of taking care of each one of your patients. Whether you are scheduling their appointments, making sure all their insurance information is correct, handling billing details, inputting their medical history, listening to their medical issues or concerns, checking their vitals, or providing medical care, you play a vital role in the overall treatment that each patient receives during his or her visit.

But what happens when you realize that the healthcare provider you work for is not fulfilling its duty to protect the personal information and privacy of its patients? It can be intimidating to speak out against the company that you work for, but we also understand your sense of moral obligation to reveal what is going on behind closed doors.

If you are an employee of a healthcare provider and you have discovered that a violation of electronic health record privacy is occurring, we can help guide you through the process of taking the necessary legal action.

Since the potential for vulnerability exists when anything is stored electronically, why does my employer insist on having electronic health records?

There was a time where every hospital, doctor’s office, and healthcare provider maintained paper copies of each patient’s medical records. The result was an office full of folders and papers that could only be accessed in that location. With the advent of new technologies, it is now easier than ever for healthcare providers to maintain electronic forms of medical records. In fact, all medical providers are now required by the federal government to use electronic health records. This makes it possible for a patient’s complete medical history to be stored in a single spot and sent over to other providers when necessary.

How are electronic health records kept safe from individuals and companies that should not have access to this information?

To ensure the privacy of each patient, all healthcare providers are required to implement software and database solutions that meet required confidentiality standards that have been established by the federal government.

The company that I work for does not have an appropriate electronic health record system in place. Is this fraud?

If your employer knows that the electronic health record system they are using is not secure and is a privacy violation for patients, then they are committing fraud. Not only are they providing a disservice to their patients, but it also means they have lied to the federal government about how they are meeting the required confidentiality standards.

However, things can also get a little tricky in these types of situations. In some instances, the healthcare provider is unaware that the software or database solutions they are using are not compliant with privacy regulations. How does this happen? Unfortunately, there are also dishonest vendors out there who do not provide what they claim.

How do I know if my employer is responsible for the electronic health record fraud?

Some healthcare providers simply do not want to spend the money and time to set up an electronic medical record system that is compliant with the privacy regulations established by the federal government. So, they lie. If you hear someone at your workplace talking about the decision to go with a system that is less than adequate or there is no system at all in place to protect the personal information of your patients, then your employer is likely at fault.

Should I consult with a lawyer before reporting my employer?

Yes. If you are thinking about reporting your employer for electronic health record fraud, it is important to consult with an experienced attorney before going straight to the federal government. First, you want to protect yourself. If you do not have a lawyer or liaison to the government, then your name will become public, and you could put your job at risk. By having the proper legal support on your side, an attorney can help you understand the provisions and confidentiality details of the False Claims Act.

Second, the specifics surrounding electronic health record technology and law are still fairly new and undeveloped. A False Claims Act lawyer will be most informed and prepared to tackle a matter like this.

What information do I need to be able to report to a lawyer?

If you are going to report a healthcare provider for electronic health record fraud, there are a few key pieces of information you should have on hand for your attorney.

• Name of the technology that the healthcare provider is using (or what they claim to be using)
• Name of the vendor that has provided the electronic health record system
• Any details you have on how the software or database does not meet the required federal standards for privacy

Can you offer me legal assistance if I do not live in Philadelphia?

Ross Feller Casey is a national practice, so you do not have to reside in Philadelphia to receive legal support from our experienced lawyers. We have the capabilities to take electronic health record fraud cases from all over the country.