HIPAA Violations Remind Hospitals to Reinforce Privacy Rules

There's one message Dena Boggan, CPC, CMC, CCP, a privacy and security officer in Mississippi, wants to get across during her HIPAA training: "I tell my employees if they don't remember anything else about HIPAA, remember this -- only access that information which you need to do your job. Period. I tell them if they follow that one simple rule, they'll do just fine." 

Some healthcare employees just can't help themselves lately, especially when high-profile patients occupy their hospital beds.

Two hospitals have fired employees over the past month because they determined they inappropriately accessed patient records. In other words, the employees snooped around – and not for reasons related to treatment, payment, or healthcare operations –  the three pillars upon which HIPAA allows healthcare workers to look at patient records.

Last month, University Medical Center in Tucson fired three clinical support staff members and a contracted nurse for "inappropriately accessing confidential medical records," the hospital reported on its website.

The records were related to the shootings at a Tucson supermarket that killed six and wounded 13 -- including U.S. Rep. Gabrielle Giffords (D-AZ).

This month, the University of Iowa Hospitals and Clinics in Iowa City fired three employees and placed another two on unpaid leave after the hospital learned they inappropriately accessed the electronic medical records of 13 University of Iowa football players.

The fallout is simple: People lost jobs, hospitals' reputations took hits, and the healthcare industry as a whole gets another demerit for lack of privacy controls. The best thing hospitals can do in these situations is learn from it. And that's what Boggan does.