Hi! I have a small part time massage therapy practice in RI. This past weekend, someone broke into my office and broke into locked filing cabinet that had some gift certificate money and my client files.

Nothing, other than g.c. cash was taken but what are the rules regarding potential exposure and HIPAA regulations? I am going to formally inform all of the clients in the file of what happened and a police report has been filed.

The kicker is that there was no "forced entry" and the police believe that it is someone who works for the building management because there have been a rash of other robberies in the past few months (all with no forced entry).

Thanks in advance for your help!!

Kristen

Even if someone does claim a HIPAA (and I don't know if it applies to non-medical practices which I am not sure you qualify as), you took all reasonable precautions to protect your client's interests.

HIPAA governs your conduct and what you can divulge to people. Theft is not your responsibility.

I know that it applies, minimally, because I am a small, solo practitioner. I thought that because all reasonable precautions were taken (locked cabinet in a secure location) I am all set. I just was not sure if I had to report it to an authority greater than the local police department.

Thank you for your response! I really appreciate it!!

Normally it will have to be in a locked cabinet and I have seen if it is medicare they want the cabinets to be also in a locked room within the builing.

But in general this is not HIPPA since you are not giving that info out, it may have been seen because of illegal actions. This has to do with the security of personal info and that release for things like their social security, insurance numbers or even credit card numbers that may have been on file.

HIPPAA stands for Health Insurance Portability and Accountability Act and I don't see how it applies to you. Your behavior did not divulge patient information.