Great Work on Records Snoops Crackdown
Hospital Treating Giffords Puts the Spotlight on PrivacyThe hospital that is treating Rep. Gabrielle Giffords, D-Ariz., and other victims of the Jan. 8 shooting incident in Tucson, Ariz., deserves accolades not only for its care for the victims, but also for calling attention to an important privacy issue.
University Medical Center announced Jan. 12 that it had fired three staff members for inappropriately accessing confidential medical records. In addition, a contracted nurse also was terminated by the nurse's employer for the privacy violation.
The announcement of the action was posted prominently on a high-profile section of the medical center's website labeled "incident command site" that's devoted to coverage of treatment of Giffords and others. So the whole world knows that this hospital takes its privacy policy seriously.
Privacy Policy Example
The high-profile announcement provides an excellent example for other hospitals to follow when dealing with records snoops on their staff. Zero tolerance is appropriate. And a prominent announcement of the sanctions helps ensure that other employees get the message: Snoop in records, and you'll lose your job.It will be interesting to see whether those involved in this case, and other records snooping cases, ever receive federal sanctions for violating the HIPAA privacy rule. The HITECH Act established tougher penalties for HIPAA violations. But so far, only one person has received a prison sentence for a HIPAA privacy violation. More high-profile fines and prison terms could help deter other snoopers.
In its statement, the medical center notes: "With advances in technology, ensuring patient privacy has become the focus of hospitals nationwide. UMC uses sophisticated technology to help prevent and detect inappropriate access to patient information."
Unfortunately, sophisticated technology apparently wasn't enough to prevent this breach. But it may have helped detect it.
Is your organization doing all it can to prevent and detect breaches? Are you sure?