PUBLISHED 12/28/07 -----

Doctors, health workers, public safety officers and innumerable others have seemingly had the privacy provisions of the federal HIPAA law tattooed to their foreheads since the statute took effect in 2003.

The Health Insurance Portability and Accountability Act, enacted in 1996 and updated four years ago with additional privacy restrictions, establishes regulations for the use and disclosure of “protected health information,” including even the most general information about illness, injury, condition or financial obligation associated with medical care.

Many doctors are vigilant about individuals’ HIPAA rights, almost to the point of paranoia.

So it is with alarm and dismay we note the claim filed by a former Kern Medical Center resident. Dr. Nicole Sharkey, who was then a fourth-year resident in the OB/GYN department, filed the Dec. 4 claim — a precursor to a lawsuit — against the county, the hospital and several other medical residents for damages she says she suffered after other physicians inappropriately accessed her medical records.

The woman’s attorney said the intentional invasion could be retaliation for reporting sexual harassment to hospital officials.

Drs. George Alkhouri, Tony Hoang, Hans Yu, Marylou Thelmo, Wafika Fahmy and Guillermo Giron violated Sharkey’s privacy protections under HIPAA, according to the claim.

KMC CEO Paul Hensler acknowledges that a violation of some sort took place. “The breach is someone just getting nosy and looking into a chart they had no reason to,” he said. “It is a problem and one we take seriously.”

As we all should. These doctors’ foolish missteps have put the public treasury at risk. More important, though, their alleged actions call into question the hospital’s commitment to the ideals of medical privacy.

It sometimes seems that HIPAA goes too far in its well-intentioned efforts to ensure privacy — many hospitals, for example, read the law as prohibiting them from even saying whether an individual is a patient, much to the consternation of friends and relatives desperate to pay a visit — but this case is black and white.

The Sharkey claim should be a reminder to all that medical information is private and, in most cases, for good reason.

For those who don’t grasp the weight of such violations, maybe this will help: Fines for the knowing misuse of individually identifiable health information can reach $250,000, with imprisonment up to 10 years an additional possibility.