Posted on December 2, 2009 by William Maruca

16 Houston Hospital Employees Fired for Snooping

Harris County Hospital District, a Houston area health system, has fired 16 employees for HIPAA violations, according to the Houston Chronicle. The employees reportedly accessed the records of a first-year resident being trained at one of the District's hospitals, following the resident's admission for treatment of injuries she suffered in a shooting incdent in a supermarket parking lot.

HIPAA requires a covered entity to adopt and apply "appropriate sanctions" against members of its workforce who fail to comply with the privacy policies and procedures of the covered entity or the HIPAA privacy rule.  The department of Health and Human Services stated in the preamble to the rule that the type of sanction applied would vary depending on factors such as the severity of the violation, whether the violation was intentional or unintentional, and whether the violation indicated a pattern or practice of improper use or disclosure of protected health information. Sanctions could range from a warning to termination.

The Harris County Hospital District may have elected to terminate the employees to send a strong message that "snooping" in records, even where a co-worker is the patient, will not be tolerated for any reason.

Tags: , , ,
Posted on July 23, 2009 by Helen Oscislawski

Dare to Take-a-Peek? Think Again.

I have said it before, and I will say it again -- employees must come to understand and truly appreciate the huge risks involved and penalties at stake with "taking a peek" at a patient's medical record for no legitimate purpose.

This past Monday, a physician and two former employees at St. Vincent Infirmary Medical Center in Little Rock, Arkansas, pleaded guilty to misdemeanor federal charges that they inappropriately accessed the medical records of local television anchor, Anne Pressly, who was killed back in 2008.   A News Release issued by the U.S. Attorney for the Eastern District of Arkansas states that all three of the accused entered guilty pleas on July 20, 2009 acknowledging they violated the privacy provisions of HIPAA. 

The News Release indicates that the charged physician admitted that after watching a news report regarding Ms. Pressly being slain and taken to St. Vincent's, where he was on-staff, he logged on from home and accessed the hospital’s records system to "determine if the news reports were accurate."   One of the other charged employees, a former account representative at the hospital, admitted that she accessed Ms. Pressly's file about 12 times "out of curiosity". The third employee charged, an emergency room secretary, admitted that she "became curious about the patient's [Ms. Pressly's] status and accessed the medical chart to find out if the patient was still living."  The secretary did not inform anyone about her accessing the chart, but hospital records showed that the patient's records were accessed 3 times that day by the emergency room secretary.  The hospital fired the account representative and the emergency room secretary, and suspended the physician for 2 weeks with required HIPAA re-training.

A sentencing date has not yet been set, but is expected within the next 45-60 days.  Each of the charged individuals faces a maximum penalty of one year in prison, a fine of up to $50,000, or both!    In addition, towards the end of the News Release, the local U.S. Attorney  prosecuting the case included this warning to the health care industry:

"The HIPAA privacy protections are real, and we hope that through vigorous enforcement of HIPAA's right-to-privacy protections and swift prosecution of those who violate HIPAA, we can deter those in the medical industry who have access to protected health information from searching others' medical records merely to satisfy their own curiosity..."

Does anyone dare to take a peek after that warning?   

Tags: , , , , , , , , ,