Washington Health System resolved to suspend some employees after finding out about their supposed inappropriate access of patient health information. Even though there’s no confirmation regarding the number of employees that were suspended from their job, the VP of Strategy and Clinical Services, Larry Pantuso, revealed to the Observer Reporter that roughly a dozen hospital personnel were suspended. At this time, however, no employee was fired because of the unauthorized access of medical record.
The mentioned privacy breaches above are believed to be associated with the death of Kimberly Dollard, a 57-year old WHS Neighbor Health Center employee. She passed away because the out of control car driven by Chad Spence, 43, hit the office building where Kimberly worked. Spence and someone else were taken to the hospital because of injuries from the accident.
Pantuso did not affirm that the employees accessed the medical records of patients associated with this incident. However he did say that the PHI breach was connected to a “high profile incident.” Accessing health information without any legitimate reason violates the HIPAA. Employees are allowed to access PHI for treating patients, medical procedures or payment. If a hospital employee is discovered to have violated HIPAA, he or she will likely undergo disciplinary action by means of suspension, dismissal from employment, revoked work license and, maybe, criminal lawsuits.
There have been a few recent cases that employees were fired because of snooping or accessing the medical files of famous patients. Last February 2018, 13 employees of the Medical University of South Carolina were laid off after they were found to have accessed the medical files of patients, which include famous patients, without proper authorization.
One case lately involved a Martha Smith-Lightfoot, an employee from the University of Rochester Medical Center (URMC). She obtained a list of patient information before leaving her the hospital. She took a new job at Greater Rochester Neurology and gave the list to her new employer. The patients on the list complained to URMC that they were contacted by Greater Rochester Neurology in order to solicit business.
As a result of this HIPAA violation, the New York nursing board’s Office for Professional Discipline pursued a case against Smith-Lightfoot. Smith-Lightfoot agreed to a consent order with the nursing board after acknowledging her violation. Her work license was suspended for one year. She also received an additional one-year stayed suspension and will be on probation for 3 years when she returns to work.
Snooping on patient medical files will always be discovered since logs are made every time someone accesses the health records. Those log files are monitored on a regular basis. If PHI access with no permission is discovered, it’s likelihood that the person responsible will be terminated and will have difficulty finding future employment.