Illinois Psychiatrist Reported for Exposing PHI of 10,500 Patients

October 17, 2017 James Keogh HIPAA News

A tenant named Barbara Jarvis-Neavins filed a report against Illinois-based psychiatrist Dr. Riaz Baber for mishandling the medical records of more than 10,000 patients.  Apparently, the psychiatrist rented out his property to Jarvis-Neavins who eventually discovered the medical files stored in the basement of the house. Allegedly, the psychiatrist’s wife gave Jarvis-Neavins a key to the basement. When workmen came to the property for a maintenance visit, Jarvis-Neavins needed to accompany the workmen to the basement. Access is necessary so she was given a key.

When Jarvis-Neavins first found out about the files in the basement, she wanted to report that she could access PHI in the property. But she refrained thinking she will be asked to vacate. Later when she was asked to move out because the property was on sale, she eventually reported the unsecured files to the Department of Health and Human Services’ Office for Civil Rights. She also passed the information to NBC5.

NBC 5 reporters covered her story in March 2017. She told about the boxes of medical files with patients’ name, address, birthday, social security number and medical notes.  The news report team contacted Dr. Baber who asked his attorney to respond on his behalf. He said that Jarvis-Neavins shouldn’t have had access to the basement and the medicals records were kept secure in the basement. Immediately after NBC 5 contacted Dr. Baber, all the files were taken out of the property.

It’s odd that the Office for Civil Rights only knew about the breach of 10,500 files of Dr. Baber on September 28, 2017 when the fact is it was reported 6 months earlier. HIPAA rules state that the submission of breach report is required 60 days after discovery.

In cases where physical medical records like physician’s notes, x-ray films, charts, etc are to be stored off site, the covered entities and their business associates must put strict controls in place to make sure of PHI (protected health information) integrity and confidentiality. Access to the files should be totally restricted from unauthorized access. In the case of Dr. Baber’s medical records, there was a breach in access and control.

About James Keogh 144 Articles
James Keogh has been writing about the healthcare sector in the United States for several years. With several years of covering healthcare topics, he has developed expertise in HIPAA-related issues, including compliance, patient privacy, and data breaches. His work is known for its thorough research and accuracy, making complex legal and medical information accessible . James's articles are valuable resources for healthcare professionals and have been featured in reputable publications. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681.
Twitter LinkedIn