I have said it before, and I will say it again — employees must come to understand and truly appreciate the huge risks involved and penalties at stake with "taking a peek" at a patient’s medical record for no legitimate purpose.

This past Monday, a physician and two former employees at St. Vincent Infirmary Medical Center in Little Rock, Arkansas, pleaded guilty to misdemeanor federal charges that they inappropriately accessed the medical records of local television anchor, Anne Pressly, who was killed back in 2008.   A News Release issued by the U.S. Attorney for the Eastern District of Arkansas states that all three of the accused entered guilty pleas on July 20, 2009 acknowledging they violated the privacy provisions of HIPAA. 

The News Release indicates that the charged physician admitted that after watching a news report regarding Ms. Pressly being slain and taken to St. Vincent’s, where he was on-staff, he logged on from home and accessed the hospital’s records system to "determine if the news reports were accurate."   One of the other charged employees, a former account representative at the hospital, admitted that she accessed Ms. Pressly’s file about 12 times "out of curiosity". The third employee charged, an emergency room secretary, admitted that she "became curious about the patient’s [Ms. Pressly’s] status and accessed the medical chart to find out if the patient was still living."  The secretary did not inform anyone about her accessing the chart, but hospital records showed that the patient’s records were accessed 3 times that day by the emergency room secretary.  The hospital fired the account representative and the emergency room secretary, and suspended the physician for 2 weeks with required HIPAA re-training.

A sentencing date has not yet been set, but is expected within the next 45-60 days.  Each of the charged individuals faces a maximum penalty of one year in prison, a fine of up to $50,000, or both!    In addition, towards the end of the News Release, the local U.S. Attorney  prosecuting the case included this warning to the health care industry:

"The HIPAA privacy protections are real, and we hope that through vigorous enforcement of HIPAA’s right-to-privacy protections and swift prosecution of those who violate HIPAA, we can deter those in the medical industry who have access to protected health information from searching others’ medical records merely to satisfy their own curiosity…"

Does anyone dare to take a peek after that warning?