Medical group:Alleged HIPAA violations unfounded

Posted at 2:38 PM, May 03, 2016
and last updated 2016-05-03 14:38:25-04

The Buffalo Medical Group says a letter sent to a patient alleging HIPAA violations were made is unfounded.

The letter was sent to several patients last month and claimed their personal information had been compromised. One of those patients contacted 7 Eyewitness News. He showed us the letter, which appeared to be on Buffalo Medical Group letterhead and its authors purported to be three anonymous employees who wanted to bring violations and "breach of patient confidentiality" to light.

The letter claimed a nurse leaked private patient information to a former boyfriend who then told a Buffalo Medical Group official about it, but no action was taken. Whoever wrote the letter used the wrong acronym for HIPAA, which stands for Health Insurance Portability and Accountability Act. The authors of this letter spell it as HIPPA, numerous times.

The Buffalo Medical Group immediately launched an investigation, which found the letter was fraudulent and not authored by any of their employees. In a statement, the group said they believe:

"...the letter was fabricated and widely distributed for the sole purpose of harassing the individuals named in the letter, and that the motives of the author are wholly unrelated to the professional conduct of the Buffalo Medical Group or its employees.  We are working with our advisors to take appropriate legal action against the responsible party."

Buffalo Medical Group has more than 130 doctors and sees about 250,000 patients every three years. It assures its patients that protecting their health information is of paramount importance. The group:

  • Maintains a zero tolerance policy for any violations of HIPAA protected patient information 
  • Subjects staff to disciplinary action up to and including discharge from employment if patient confidentiality is violated
  • Zealously guards all protected health information and employs an electronic medical record that has sophisticated audit functions. 
  • Performs reviews on our records through frequent scheduled and random audits.
  • Offers regular and ongoing education to staff on HIPAA compliance.