Harris County Hospital District, a Houston area health system, has fired 16 employees for HIPAA violations, according to the Houston Chronicle. The employees reportedly accessed the records of a first-year resident being trained at one of the District’s hospitals, following the resident’s admission for treatment of injuries she suffered in a shooting incdent in a supermarket parking lot.
HIPAA requires a covered entity to adopt and apply "appropriate sanctions" against members of its workforce who fail to comply with the privacy policies and procedures of the covered entity or the HIPAA privacy rule. The department of Health and Human Services stated in the preamble to the rule that the type of sanction applied would vary depending on factors such as the severity of the violation, whether the violation was intentional or unintentional, and whether the violation indicated a pattern or practice of improper use or disclosure of protected health information. Sanctions could range from a warning to termination.
The Harris County Hospital District may have elected to terminate the employees to send a strong message that "snooping" in records, even where a co-worker is the patient, will not be tolerated for any reason.